stoney core: Authentication Resource - REST API

From stoney cloud
Jump to: navigation, search

Also visit stoney core: Authentication Resource Mapping (REST - LDAP).

Auth action

To give a client the possibility of verifying username and password, a pseudo-ressource is provided, the only method implemented is the GET.

Auth retrieval (GET)

Auth retrieval (GET) example

To verify the authentication the clients sends a HTTP GET request on the auth's resource URI https://api.example.com/v1/auth. The service responds with a HTTP status code:

  • 200 (OK) on success
  • 401 (Unauthorized) on authentication failure
  • 429 (Too Many Requests)

The service must never return 403 or similar to avoid attacks which try to figure out which users exist and which do not.

Request:

GET /v1/auth/ HTTP 1.1
HOST: api.example.com
AUTHORIZATION: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Accept: application/json

Answer:

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8 
{
  "id": 4000123,
  "user": "user@example.com",
  "location": "https://api.example.com/v1/people/4000123"
}