OAuth 2 is used here to make authentication reliable. The authentication flow works as follows:
1. Registration of the application
The developer has to register the application on this platform. The name of the application and the auto-generated secret are embedded in the app's implementation.
2. How to authorize the application
The key the application uses to access FuD data is the access_token. To obtain an access_token, an application does the following:
Step 1:
The application sends the browser to the authorization URL, where the user can authorize it. The parameter state lets the application carry its own processing state across the authentication.
Authorization URL: /oauthAuthorise?response_type=code&client_id=appId&state=state
Step 2:
The user is prompted to log in and authorizes the application manually. The platform then redirects the user's browser to the application's redirection URI, with the two GET parameters code and state appended to it.
For example: https://example.com/oneApp?code=code&state=state
Step 3:
The application exchanges the code for an access_token by sending it to /fudToken with a POST request. The appId and secret, Base64-encoded as the string appId:secret, go into the Authorization header of the request; the parameter code goes into the request body.
For example, the simplest HTTP request to get an access_token (abcde stands for the Base64-encoded string appId:secret; the form body follows the headers after one blank line):
POST /oauthToken HTTP/1.1
Authorization: Basic abcde
Content-Type: application/x-www-form-urlencoded

grant_type=authorization_code&code=code
The FuD API Platform checks the Authorization header and the code in the body. If everything is OK, it sends back the access_token as JSON:
{
"access_token": "b18a0030148dae2dbee9ba581255712928700aed",
"token_type": "bearer",
"expires_in_sec": 604800,
"refresh_token": "2267dc5f39e50431bc1ece25cb769cf14407eac9"
}
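The three steps above, as an added client-side example that is not part of the platform's own code: it builds the authorization URL with an unguessable state, verifies that state when the browser comes back with the code, assembles the token request with the Basic header, and checks the JSON reply. The app id, secret and redirect URL are constructed placeholders; the endpoint paths are taken from the steps above.

```python
import base64
import json
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Constructed placeholder credentials (not real FuD values). The secret belongs on
# the application's server side, never in code shipped to end users.
APP_ID = "exampleApp"
APP_SECRET = "s3cr3t-from-registration"


def new_state():
    """Unguessable per-login state; store it in the user's session before redirecting."""
    return secrets.token_urlsafe(32)


def build_authorize_url(app_id, state):
    """Step 1: the URL the browser is sent to (path as in the authorization URL above)."""
    return "/oauthAuthorise?" + urlencode(
        {"response_type": "code", "client_id": app_id, "state": state})


def parse_callback(redirect_url, expected_state):
    """Step 2: pull code from the redirect; reject it unless state matches the stored value.
    This is what stops a forged callback from binding someone else's code to this session."""
    qs = parse_qs(urlparse(redirect_url).query)
    state = qs.get("state", [None])[0]
    code = qs.get("code", [None])[0]
    if state is None or code is None or not secrets.compare_digest(state, expected_state):
        raise ValueError("state mismatch or missing code: discard this callback")
    return code


def build_token_request(app_id, secret, code):
    """Step 3: headers and form body for the POST to the token endpoint."""
    creds = base64.b64encode(f"{app_id}:{secret}".encode()).decode()
    headers = {"Authorization": "Basic " + creds,
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code})
    return headers, body


def parse_token_response(raw_json):
    """Validate the JSON reply before trusting it; returns (access_token, lifetime, refresh_token)."""
    tok = json.loads(raw_json)
    if "access_token" not in tok or str(tok.get("token_type", "")).lower() != "bearer":
        raise ValueError("unexpected token response")
    return tok["access_token"], int(tok.get("expires_in_sec", 0)), tok.get("refresh_token")
```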