Skip to content

Authorization

Benedikt Schulze Baek edited this page Feb 14, 2017 · 21 revisions

All API calls will be verified using the Tapp Secret along with the TappID, or a PageAccessToken. If you want to send the requests from the frontend, you have to use a PageAccessToken.
We recommend to use the basic authorization scheme using the tapp secret.

Secret

The secret required for the basic authorization in the backend can be found in the tapp administration.

When you're using requests as they are described in the reference section, you will have to build up the requests with an authorization header. This is the point where you are going to need the tapp secret.

The authorization header is build up like this

Authorization: Basic {TappId}:{Secret}

You have to replace {TappId} and {Secret} (including the brackets) with the tappId of the tappId the request was sent from and the secret that can be found in the tapp administration.


PageAccessToken (not recommended)

To get an PageAccessToken you have to run a POST (HTTP) request. You have to set the Content-Type to 'application/json' and add a Authorization header, with the following scheme

'Basic ' + Base64String(TappID:Tapp Secret)

The request-body has to contain a string-array of permissions for the requested AccessToken, named 'permissions'.

permissions = ['PublicInfo', 'UserInfo', 'DeviceInfo', 'SeeUAC', 'EditUAC', 'Push', 'Email'];

The request will return an JSON-Object, that contains an string-array named 'data'. The first item of the array is the PageAccessToken.
Here you can find code examples for creating the PageAccessToken in C#, Node.JS and PHP.