Authentication
User and password
This is the first type of authentication that you will need to use in order to get credentials for other means of authentication.
You just need to POST
your username and password to /api/v1/users/me/apiTokens
and you will get a token.
$ curl -d '{"user": "thomas", "pass": "mys3cr3tP4ss"}' \
-X POST \
https://app.xfleet.io/api/v1/users/me/apiTokens
{
"id": "4qCOjE28EZULjw4eDzHrMZ",
"token": "5f34529edf6fbe1cfdbfeaf132481fd74qCOjE28EZULjw4eDzHrMZ",
"expiryDate": "2019-03-25T20:49:46+00:00"
}
Token
Once you have a valid token (see the previous section) you can pass it in the HTTP headers.
The tokens are valid for 24 hours.
$ curl -H 'Authorization: Token 5f34529edf6fbe1cfdbfeaf132481fd74qCOjE28EZULjw4eDzHrMZ' \
-X GET \
https://app.xfleet.io/api/v1/users/me
{
"email": "thomas@xfleet.io",
"username": "thomas",
"active": true,
"id": "WGn88UPMOpXKSwQPyui68"
}
API Keys
You can generate and then use API keys to authenticate your API calls.
The API key does not expire (make sure you keep it safe).
You will be able to see the plain text API key only after creating it (subsequent calls to the API keys endpoint will return only the API key hash).
API Key Generation
$ curl -H 'Authorization: Token 5f34529edf6fbe1cfdbfeaf132481fd74qCOjE28EZULjw4eDzHrMZ' \
-X POST \
https://app.xfleet.io/api/v1/users/me/apiKeys
{"id":"4wmIjToD1FT8YofcfTaatc","apiKey":"093d9c70784c2ed367cb2cb28ffe20944wmIjToD1FT8YofcfTaatc"}
API Key Usage
As with the token, pass your API key in the HTTP header.
$ curl -H 'Authorization: ApiKey 093d9c70784c2ed367cb2cb28ffe20944wmIjToD1FT8YofcfTaatc' \
-X GET \
https://app.xfleet.io/api/v1/users/me
{
"email": "thomas@xfleet.io",
"username": "thomas",
"active": true,
"id": "WGn88UPMOpXKSwQPyui68"
}