To perform non-anonymous call on Quatrix API, client application should obtain session token. Additionally every call should be signed with user's password pbkdf2 to form 'authorization' header. Login call accepts user login (email), referer (to differentiate accounts) and authorization token. Authorization token is calculated based on HTTP request method, route URI, login, timestamp and user's password pbkdf2. If login was successful - API returns 200 OK status with X-Auth-Token header containing newly created session token. This session id is than used as variable to calculate authorization token for next API calls that require authorization. Failed login returns 401 HTTP error.
Parameters
Name | Type | Description |
login required | string | plain text |
passwd required | string | pbkdf2 user password |
data optional | object | allows to show Product tour for user first visit |
cb optional | function | callback function |
Example
this.requesttoken = function( login, passwd, data, cb ) { // Expire token token = undefined; this.clearLocalStorage(['token', 'pbkdf']); _genPbkdf( passwd, function(){ return _request( { method : 'GET', headers : { 'X-Auth-Login' : login }, data : data, url : '/session/login', callback : cb }); }); };
Add Comment