Authentication
To use the FibriCheck API, there are two levels of authentication:
Application authentication: your application needs to have credentials to communicate with FibriCheck
User authentication: the end user needs to have proper credentials to authenticate against FibriCheck
FibriCheck supports OAuth 1.0 and OAuth 2.0 mechanisms for authentication and authorization of users.
When using OAuth 1.0, you need to add 2 sets of credentials to each request to the FibriCheck API:
The Consumer Key and Consumer Secret identify the application and are always required. We provide these credentials to you.
The Access Token and Token Secret identify the user and are always required except for the user registration and authentication call. The authentication call that exchanges an e-mail/password combination for an Access Token and Token Secret is described below.
Keep in mind that an access token and token secret must always be used with the consumer key/secret they were generated with.
The tokenData information can be used to authenticate the user for subsequent API calls.
POST https://api.fibricheck.com/auth/v2/oauth1/tokens
Authorization* (String): OAuth 1.0 Authorization Header
email* (String)
password* (String)
Each of the API calls below is protected using the client_secret_basic method. The Authorization header must be in the Basic: encodedString format, where the encodedString is the result of Base64 encoding the OAuth client's clientId:clientSecret.
Password grant flow
Refresh token grant flow
After an initial login you can use the previously obtained refresh token to get a new token.
The access_token in the result can be used to authenticate other calls using Bearer authentication.
POST https://api.fibricheck.com/auth/v2/oauth2/tokens
With every new access token, a new refresh token is provided. Make sure to always store the latest refresh token.
You can disable user authentication/access by removing their authentication tokens. This means the user will be logged out and must log in again to continue.
Execute an API call with the following payload to remove their authentication tokens:
POST https://api.fibricheck.com/tasks/v1/functions/integration/execute
data* (String): Payload
The remainder of this page discusses how to authenticate existing users; take a look to learn more about registering new users.
To implement the OAuth 1 protocol, additional parameters such as a request signature and nonce need to be added to the request. The contains an example request to authenticate successfully.
Also, libraries exist for each platform that facilitate performing OAuth 1.0 requests, for example in the Node.JS ecosystem.
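To show what the request signature and nonce mentioned above consist of, here is an added example (not FibriCheck's own code) that builds an OAuth 1.0 Authorization header per RFC 5849 in Node.js. It assumes the HMAC-SHA1 signature method and a request body that is not form-encoded, so only the oauth_* parameters are signed; the credentials, nonce, timestamp and the api.example.invalid URL are constructed placeholders.

```javascript
const crypto = require('crypto');

// RFC 3986 percent-encoding; encodeURIComponent leaves !'()* unescaped.
const enc = (s) => encodeURIComponent(s).replace(/[!'()*]/g,
  (c) => '%' + c.charCodeAt(0).toString(16).toUpperCase());

// Signature base string: METHOD & encoded URL (no query string) & encoded sorted params.
function baseString(method, url, params) {
  const pairs = Object.entries(params).map(([k, v]) => [enc(k), enc(v)]);
  const cmp = (x, y) => (x < y ? -1 : x > y ? 1 : 0);
  pairs.sort((a, b) => cmp(a[0], b[0]) || cmp(a[1], b[1]));
  const normalized = pairs.map(([k, v]) => `${k}=${v}`).join('&');
  return [method.toUpperCase(), enc(url), enc(normalized)].join('&');
}

// creds: { consumerKey, consumerSecret, token?, tokenSecret? }. Leave token and
// tokenSecret out for the call that exchanges e-mail/password for a token.
// opts.nonce / opts.timestamp exist only to make the output reproducible in tests.
function authorizationHeader(method, url, creds, opts = {}) {
  const oauth = {
    oauth_consumer_key: creds.consumerKey,
    oauth_nonce: opts.nonce || crypto.randomBytes(16).toString('hex'),
    oauth_signature_method: 'HMAC-SHA1', // assumption: not stated on the page
    oauth_timestamp: String(opts.timestamp || Math.floor(Date.now() / 1000)),
    oauth_version: '1.0',
  };
  if (creds.token) oauth.oauth_token = creds.token;
  // Signing key is consumerSecret&tokenSecret; the second half is empty without a token.
  const key = `${enc(creds.consumerSecret)}&${enc(creds.tokenSecret || '')}`;
  oauth.oauth_signature = crypto.createHmac('sha1', key)
    .update(baseString(method, url, oauth)).digest('base64');
  return 'OAuth ' + Object.keys(oauth).sort()
    .map((k) => `${enc(k)}="${enc(oauth[k])}"`).join(', ');
}

// Constructed placeholder values, not real credentials.
const TOKEN_URL = 'https://api.fibricheck.com/auth/v2/oauth1/tokens';
const app = { consumerKey: 'example-consumer-key', consumerSecret: 'example-consumer-secret' };
const user = { ...app, token: 'example-access-token', tokenSecret: 'example-token-secret' };
const fixed = { nonce: 'constructed-nonce', timestamp: 1700000000 };
// Token exchange: application credentials only.
console.log(authorizationHeader('POST', TOKEN_URL, app, fixed));
// Any later call: the same consumer pair plus the user's token pair.
console.log(authorizationHeader('GET', 'https://api.example.invalid/resource', user, fixed));
```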
When you choose to authenticate via OAuth 2.0 (), you will receive a clientId and clientSecret.