3. Getting started
3.1. Application credentials
The W2E API provides third-party applications with access to user data. Before using the API, an application must register with W2E and obtain a client_id and client_secret. Please contact the W2E team to get these.
Parameter | Description |
---|---|
client_id | ID for your application |
client_secret | Secret for your application |
3.2. User credentials
Parameters the application must store for each user:
parameter | description |
---|---|
access_token | Token used to access user account |
refresh_token | Token used to renew access_token |
username | User identifier |
How to get these:
- If the user already has a W2E account, authorization must be requested from the user: Authorization.
- If the user does not have a W2E account, one can be created for the user. The user does not even need to know that a W2E account is created: Create user.
3.3. Access_token
Requests for user data are authenticated with the HTTP Authorization header:
'Authorization: Bearer {access_token}'
For example:
'Authorization: Bearer XHaeSTbLr1dusWvHT6nIuCYAKKGt7m5fDKpEHiWCfubLanN4'
3.4. Refresh_token
An access_token is valid for a year or less; after that it must be refreshed.
method | HTTP POST |
uri | https://w2e.fi/oauth/refresh_token |
header | “Content-Type: application/json” |
json parameter | description |
---|---|
client_id | ID for your application |
client_secret | Secret for your application |
refresh_token | Token used to renew access_token |
username | User identifier |
Curl example:
curl -X POST https://w2e.fi/oauth/refresh_token --header "Content-Type: application/json" -d '{"client_id":"XHaeSTbLr1dusWvH","client_secret":"3qCtNaUIH0x11HGjY1Kp9HrdOprT5uRFOeSMFbmqC9WQ6kWcZAzQ44lA0IyIWF6q","refresh_token":"1pSLXu2i1yBMzDjrcBM3YsK1H85zETJkhN0Xt6v3npDKAl7KORjZWq6kSu1DfRYX","username":"krvgklmqxonttfjx"}'
Response example:
{"access_token": "XHaeSTbLr1dusWvHHHHk6G3XSTaGRifNdZRbSirMuTiBMKeb", "username": "krvgklmqxonttfjx", "expires": "2015-09-10T06:41:16Z"}
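The refresh flow above as an added Python example (not part of the W2E documentation): it parses the `expires` field, decides when a refresh is due, builds the request from the table above, and rejects a response issued for a different user. The 7-day margin, the environment variable names `W2E_CLIENT_ID` and `W2E_CLIENT_SECRET`, and the per-user `record` dict are assumptions.

```python
import json
import os
import urllib.request
from datetime import datetime, timedelta, timezone

REFRESH_URI = "https://w2e.fi/oauth/refresh_token"  # endpoint from section 3.4


def parse_expires(value):
    """Parse the 'expires' field (e.g. 2015-09-10T06:41:16Z) as an aware UTC time."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def needs_refresh(expires, now, margin=timedelta(days=7)):
    """True once the token is within `margin` of expiry (margin is an assumed policy)."""
    return now >= parse_expires(expires) - margin


def build_refresh_request(client_id, client_secret, refresh_token, username):
    """Build, but do not send, the JSON POST described in section 3.4."""
    body = json.dumps({"client_id": client_id, "client_secret": client_secret,
                       "refresh_token": refresh_token, "username": username})
    return urllib.request.Request(REFRESH_URI, data=body.encode("utf-8"), method="POST",
                                  headers={"Content-Type": "application/json"})


def apply_refresh_response(record, raw_body):
    """Return a copy of the stored user record updated from the refresh response."""
    reply = json.loads(raw_body)
    if reply.get("username") != record["username"]:
        raise ValueError("refresh response is for a different user")
    parse_expires(reply["expires"])  # ValueError if the timestamp is malformed
    return {**record, "access_token": reply["access_token"], "expires": reply["expires"]}


def refresh(record, opener=urllib.request.urlopen):
    """Refresh one user's token; app credentials come from assumed env variable names."""
    req = build_refresh_request(os.environ["W2E_CLIENT_ID"], os.environ["W2E_CLIENT_SECRET"],
                                record["refresh_token"], record["username"])
    with opener(req, timeout=10) as resp:
        return apply_refresh_response(record, resp.read())


if __name__ == "__main__":
    # Constructed record; the reply is the response example from section 3.4.
    rec = {"username": "krvgklmqxonttfjx", "refresh_token": "constructed-refresh-token",
           "access_token": "constructed-old-token", "expires": "2014-09-10T06:41:16Z"}
    reply = b'{"access_token": "XHaeSTbLr1dusWvHHHHk6G3XSTaGRifNdZRbSirMuTiBMKeb", "username": "krvgklmqxonttfjx", "expires": "2015-09-10T06:41:16Z"}'
    print(needs_refresh(rec["expires"], datetime.now(timezone.utc)))
    print(apply_refresh_response(rec, reply)["expires"])
```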
3.5. Validate access_token
The access_token can be validated with the following request:
method | HTTP GET |
uri | https://w2e.fi/api/users/{username}/oauth/validate_token |
header | “Authorization: Bearer {access_token}” |
username | User identifier |
access_token | Token used to access user account |
Curl example:
curl -X GET https://w2e.fi/api/users/krvgklmqxonttfjx/oauth/validate_token --header "Authorization: Bearer XHaeSTbLr1dusWvHHHHk6G3XSTaGRifNdZRbSirMuTiBMKeb"
Response example:
{"client_id": "XHaeSTbLr1dusWvH", "username": "krvgklmqxonttfjx", "expires": "2015-09-10T06:41:16Z"}
3.6. Revoke access_token
Authorization can be revoked. If the user account was created by the application, the whole account is destroyed.
method | HTTP DELETE |
uri | https://w2e.fi/api/organizations/{client_id}/users/{username} |
header | “Authorization: Bearer {access_token}” |
client_id | ID for your application |
username | User identifier |
access_token | Token used to access user account |
Curl example:
curl -X DELETE https://w2e.fi/api/organizations/XHaeSTbLr1dusWvH/users/krvgklmqxonttfjx --header "Authorization: Bearer XHaeSTbLr1dusWvHHHHk6G3XSTaGRifNdZRbSirMuTiBMKeb"
Response example:
{"status": "removed"}