Application Authentication

Application authentication is done by sending a POST request to api/v1/authenticate with an application token. An auth_token is returned in response to successful authentication. The auth_token is used for subsequent requests to the API, but has a short validity period. When this expires, the application token must be used again to gain a new auth_token.

An application may optionally authenticate as a child organisation, by specifying the target organisation in the JSON request.

Request

The json body of the request should contain the following:

  • application_token (String) required - this application token is received after a successful POST request to /api/v1/application_token
  • organisation (Object) optional - the numerical ID of an organisation

example:

{
  "application_token": "kNTktNTA1My00YzdhLT..."
}

Response

Unlike basic authentication, only an auth_token is returned by the server:

  • auth_token (String) - an auth_token used to validate calls to the API

example:

{
  "auth_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}