Authentication

User and password

This is the first type of authentication that you will need to use in order to get credentials for other means of authentication.

You just need to POST your username and password to /api/v1/users/me/apiTokens and you will get a token.

$ curl -d '{"user": "thomas", "pass": "mys3cr3tP4ss"}' \
       -X POST \
       https://app.xfleet.io/api/v1/users/me/apiTokens
{
    "id": "4qCOjE28EZULjw4eDzHrMZ",
    "token": "5f34529edf6fbe1cfdbfeaf132481fd74qCOjE28EZULjw4eDzHrMZ",
    "expiryDate": "2019-03-25T20:49:46+00:00"
}

Token

Once you have a valid token (see the previous section) you can pass it in the HTTP headers.

The tokens are valid for 24 hours.

$ curl -H 'Authorization: Token 5f34529edf6fbe1cfdbfeaf132481fd74qCOjE28EZULjw4eDzHrMZ' \
       -X GET \
       https://app.xfleet.io/api/v1/users/me
{
  "email": "thomas@xfleet.io",
  "username": "thomas",
  "active": true,
  "id": "WGn88UPMOpXKSwQPyui68"
}

API Keys

You can generate and then use API keys to authenticate your API calls.

The API key does not expire (make sure you keep it safe).

You will be able to see the plain text API key only after creating it (subsequent calls to the API keys endpoint will return only the API key hash).

API Key Generation

$ curl -H 'Authorization: Token 5f34529edf6fbe1cfdbfeaf132481fd74qCOjE28EZULjw4eDzHrMZ' \
       -X POST \
       https://app.xfleet.io/api/v1/users/me/apiKeys
{"id":"4wmIjToD1FT8YofcfTaatc","apiKey":"093d9c70784c2ed367cb2cb28ffe20944wmIjToD1FT8YofcfTaatc"}

API Key Usage

As with the token, pass your API key in the HTTP header.

$ curl -H 'Authorization: ApiKey 093d9c70784c2ed367cb2cb28ffe20944wmIjToD1FT8YofcfTaatc' \
       -X GET \
       https://app.xfleet.io/api/v1/users/me
{
  "email": "thomas@xfleet.io",
  "username": "thomas",
  "active": true,
  "id": "WGn88UPMOpXKSwQPyui68"
}