
Authorization

Benedikt Schulze Baek edited this page Mar 8, 2017 · 21 revisions

All API calls will be verified using the Tapp Secret along with the TappID, or a PageAccessToken. If you want to send the requests from the frontend, you have to use a PageAccessToken.

Secret

The secret required for the basic authorization in the backend can be found in the tapp administration after your tapp is registered there.

When you use the backend API, we must identify your system and the roles you have granted. To do so, you have to build your requests with an authorization header. This is where you need the tapp secret.

The authorization header is built like this:

Authorization: Basic Base64String({TappId}:{Secret})

You have to replace {TappId} and {Secret} (including the brackets) with the tappId of the tapp the request was sent from and the secret that can be found in the tapp administration.
The part containing {TappId}:{Secret} has to be Base64 encoded.


PageAccessToken (Snippet)

The PageAccessToken is valid for only 15 minutes. You can use it to communicate directly with the API server from your frontend. To get a token, you have to send a POST request from your backend to the backend API, using the endpoint shown below. The token can be refreshed anytime during the 15 minutes.

POST https://api.chayns.net/v2.0/{LocationID}/AccessToken

You have to set the Content-Type to 'application/json' and add an Authorization header with the following scheme:

Authorization: Basic Base64String({TappId}:{Secret})

The request-body has to contain a string-array of permissions for the requested AccessToken, named 'permissions'.

permissions = ['PublicInfo', 'UserInfo', 'DeviceInfo', 'SeeUAC', 'EditUAC', 'Push', 'Email'];

The request will return a JSON object that contains a string array named 'data'. The first item of the array is the PageAccessToken.
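The token request described above, as an added example (not code from the chayns project): a backend-side Python helper that builds the Basic header and the POST request, and reads the token from the response. The function names, the sample IDs and secret, and the body shape (a JSON object with a 'permissions' key) are assumptions; the request is built but not sent, so the secret never has to leave the backend.

```python
import base64
import json
import urllib.request

API_BASE = "https://api.chayns.net/v2.0"  # base URL as given on this page


def basic_auth_header(tapp_id, secret):
    """Return 'Basic <base64(TappId:Secret)>' for the Authorization header."""
    raw = f"{tapp_id}:{secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def build_token_request(location_id, tapp_id, secret, permissions):
    """Build (but do not send) the POST that asks for a PageAccessToken."""
    if not permissions:
        raise ValueError("request at least one permission")
    # Assumed body shape: a JSON object holding the 'permissions' string array.
    body = json.dumps({"permissions": list(permissions)}).encode("utf-8")
    return urllib.request.Request(
        f"{API_BASE}/{location_id}/AccessToken",
        data=body,
        method="POST",
        headers={
            "Content-Type": "application/json",
            "Authorization": basic_auth_header(tapp_id, secret),
        },
    )


def extract_page_access_token(response_text):
    """Return the first item of the 'data' array, the PageAccessToken."""
    parsed = json.loads(response_text)
    data = parsed.get("data") if isinstance(parsed, dict) else None
    if not isinstance(data, list) or not data or not isinstance(data[0], str):
        raise ValueError("response has no PageAccessToken in 'data'")
    return data[0]


if __name__ == "__main__":
    # Constructed sample values; real ones come from the tapp administration.
    req = build_token_request(12345, 4711, "example-secret", ["PublicInfo"])
    print(req.get_method(), req.full_url)
    # With network access: urllib.request.urlopen(req).read().decode()
    sample = '{"data": ["constructed-token-value"]}'  # constructed response
    print(extract_page_access_token(sample))
```

Requesting only the permissions the frontend needs keeps a leaked token's reach small for the 15 minutes it is valid.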

how it works

PageAccessToken