Authentication

In order for a user agent to access some protected resource, it first has to authenticate itself with the API. It can do so by using one of the authentication mechanisms listed below.

Basic access[rfc2617]

To use basic access authentication and access his or her protected resources, a user needs a username and password, which can be obtained from one of our administrators via email: admin@flextrack.dk.

The username and password are combined into a single string (i.e. “username:password”), and the resulting string is then Base64[rfc4648] encoded. The authorization method and a space (i.e. “Basic ”) are then put before the encoded string.

For example, if the user agent uses “test@flextrack.dk” as the username and “test” as the password, then the header is formed as follows.

Some headers and the responses are removed for brevity.

GET /account HTTP/1.1
Authorization: Basic dGVzdEBmbGV4dHJhY2suZGs6dGVzdA==

HTTP/1.1 200 OK

...

The response to a request for a protected resource without authentication looks as follows.

GET /account HTTP/1.1

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Basic realm="Resource owner"

...

Bearer token[rfc6750]

Any party in possession of a bearer token (a “bearer”) can use it to get access to the associated resources (i.e. a user's protected resources), without needing a username and password. To prevent misuse, bearer tokens need to be protected from disclosure in storage and in transport.

A bearer token can currently only be obtained by asking one of our administrators via email: admin@flextrack.dk.

Some headers and the responses are removed for brevity.

GET /account HTTP/1.1
Authorization: Bearer 5J3uoYSFLOS2LsrzUjBKSS4oLOI0EjeJ2hdqf661UY4FrvflOR

HTTP/1.1 200 OK

...

The response to a request for a protected resource without authentication looks as follows.

GET /account HTTP/1.1

HTTP/1.1 401 Unauthorized
WWW-Authenticate: Bearer realm="Resource owner"

...
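
The two mechanisms above, as an added example that is not part of the original documentation and not the API's own code: a client-side builder for the basic access header and a server-side check of the Authorization header for both schemes. The in-memory USERS and TOKENS stores, the function names, and the choice of a Basic challenge when no or an unknown scheme is sent are assumptions made for illustration; the credentials and token are the sample values from this page.

```python
import base64
import binascii
import hmac

# Constructed sample stores (assumption); a real service would not keep
# plaintext passwords or tokens in source code.
USERS = {"test@flextrack.dk": "test"}
TOKENS = {"5J3uoYSFLOS2LsrzUjBKSS4oLOI0EjeJ2hdqf661UY4FrvflOR": "test@flextrack.dk"}
REALM = "Resource owner"


def basic_header(username, password):
    """Client side: build the Authorization value for basic access."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def challenge(scheme):
    """401 response carrying the WWW-Authenticate challenge for a scheme."""
    return 401, {"WWW-Authenticate": f'{scheme} realm="{REALM}"'}, None


def authenticate(authorization):
    """Server side: return (status, headers, user) for an Authorization value."""
    if not authorization:
        return challenge("Basic")
    scheme, _, value = authorization.partition(" ")
    if scheme.lower() == "basic":
        try:
            decoded = base64.b64decode(value, validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return challenge("Basic")
        # Split on the first colon only: the password may itself contain ":".
        username, sep, password = decoded.partition(":")
        expected = USERS.get(username)
        if sep and expected is not None and hmac.compare_digest(
                password.encode(), expected.encode()):
            return 200, {}, username
        return challenge("Basic")
    if scheme.lower() == "bearer":
        # Constant-time comparison; the token itself is never logged or echoed.
        for token, user in TOKENS.items():
            if hmac.compare_digest(value.encode(), token.encode()):
                return 200, {}, user
        return challenge("Bearer")
    return challenge("Basic")
```

The decode step shows that Base64 is a reversible encoding, not encryption, so both header forms are only protected in transport when the request is sent over TLS.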