Authorization

All API calls will be verified using the Tapp Secret along with the TappID, or a PageAccessToken. If you want to send the requests from the frontend, you have to use a PageAccessToken.
We recommend to use the basic authorization scheme using the tapp secret.

Secret

The secret required for the basic authorization in the backend can be found in the tapp administration after your tapp is registered there.

When you're using requests as they are described in the reference section, you will have to build up the requests with an authorization header. This is the point where you are going to need the tapp secret.

The authorization header is build up like this

Authorization: Basic {TappId}:{Secret}

You have to replace {TappId} and {Secret} (including the brackets) with the tappId of the tapp the request was sent from and the secret that can be found in the tapp administration.
The part containing {TappId}:{Secret} has to be Base64 encoded.

---

PageAccessToken (not recommended)

To get an PageAccessToken you have to run a POST request.

POST https://api.chayns.net/v2.0/{LocationID}/AccessToken

You have to set the Content-Type to 'application/json' and add a Authorization header, with the following scheme

Authorization: 'Basic' + Base64String(TappID:Tapp Secret)

The request-body has to contain a string-array of permissions for the requested AccessToken, named 'permissions'.

permissions = ['PublicInfo', 'UserInfo', 'DeviceInfo', 'SeeUAC', 'EditUAC', 'Push', 'Email'];

The request will return an JSON-Object, that contains an string-array named 'data'. The first item of the array is the PageAccessToken.