SeeClickFix currently supports the following authentication methods for access to API v2:
1. HTTP Basic Authentication
2. OAuth2 Authentication
HTTP Basic Authentication
This method is appropriate when the client has direct access to user credentials (username and password).
$ curl -u "email@example.com:password" https://seeclickfix.com/api/v2/profile
OAuth2 Authentication
This method is appropriate when the client application is being used by multiple users and the user’s credentials should not be shared with the client directly.
SeeClickFix supports OAuth2’s “authorization code flow” as documented in RFC 6749.
The Doorkeeper documentation provides some easier-to-read information regarding the sequence of API calls.
Before an application (API client) can use OAuth2 with SeeClickFix it must be registered with our system. Register your app by sending the following information to firstname.lastname@example.org:
- Name of Application
- Organization Name
- Technical Contact Name, Email, Phone
- Administrative Contact Name, Email, Phone
- The callback URI to be used during the authentication phase and token phase
SeeClickFix will register the application and return an application id and secret. The name of the application will be presented to users on authorization and deauthorization views, so choose a name that makes clear to users which application is accessing SeeClickFix services on their behalf.
With the id and secret, authentication and API access can proceed as follows:
- Client Application initiates browser access to the SCF authentication endpoint.
- SCF user enters SCF credentials and, on success, is redirected to the Client Application Redirect URI with a code.
- Client Application uses the code to request an access token from the SCF token endpoint (see the Doorkeeper example).
- SCF returns an access token to the Client Application.
- Client Application can now make API requests on behalf of the user by including the user’s access token. See RFC 6750 for options and detail for transmitting the access token to the API endpoints.
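The client side of the sequence above, as an added example (not SeeClickFix's or Doorkeeper's own code), showing the `state` check from RFC 6749 that ties the callback to the session that started it. Assumptions: the `/oauth/authorize` and `/oauth/token` paths are Doorkeeper's defaults and are not confirmed by this page, and the client id, secret and `client.example` callback are placeholders.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Assumptions: Doorkeeper's default endpoint paths and placeholder credentials.
AUTHORIZE_URL = "https://seeclickfix.com/oauth/authorize"
TOKEN_URL = "https://seeclickfix.com/oauth/token"
CLIENT_ID = "APP_ID_PLACEHOLDER"
CLIENT_SECRET = "APP_SECRET_PLACEHOLDER"
REDIRECT_URI = "https://client.example/callback"  # the registered callback URI


def begin_authorization():
    """Return (url, state): where to send the browser, and the value to keep in the session."""
    state = secrets.token_urlsafe(32)  # unguessable, ties the callback to this session
    query = urlencode({"response_type": "code", "client_id": CLIENT_ID,
                       "redirect_uri": REDIRECT_URI, "state": state})
    return f"{AUTHORIZE_URL}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code; reject errors and a missing or forged state."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError("authorization failed: " + params["error"][0])
    state = params.get("state", [""])[0]
    # Constant-time comparison; an empty expected state is never accepted.
    if not expected_state or not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch")
    codes = params.get("code", [])
    if len(codes) != 1:
        raise ValueError("expected exactly one code")
    return codes[0]


def token_request_body(code):
    """Form body the client's server POSTs to TOKEN_URL over TLS."""
    return urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": REDIRECT_URI, "client_id": CLIENT_ID,
                      "client_secret": CLIENT_SECRET})


def bearer_headers(access_token):
    """RFC 6750 Authorization header; keeps the token out of URLs and access logs."""
    return {"Authorization": "Bearer " + access_token}
```

The token request carries the application secret, so it belongs on the client's server and never in browser or mobile code.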