Authorization Token
All request to the AVP API must contain a valid authorization token, which can be located in a request dependent manor or as a HTTP header. Failure of the first located token will trigger authentication failure of the request.
For GET AND DELETE requests the order of precedent is as follows:
- HTTP X-Auth-Token header
- HTTP query parameter called ‘auth_token’, ie: http:/api.avpnet.us/v1/accounts/\{account_id}?auth_token=123456
For PUT AND POST requests the order of precedent is as follows:
- HTTP ‘X-Auth-Token’ header
- AVPAC envelope ‘auth_token’ parameter, in the HTTP body of the request
Exceptions
The authenticate modules will allow you to retrieve a AVPAC authorization token using one of the available methods, such as by user credentials.
Some modules can be used without valid credentials, these modules are:
signup, This module is used to on-board new accounts and as such they would not yet be able to authenticate
http://api.avpnet.us:{PORT}/v1/signup |
user_auth, This module validates user credential hashes (username and password), returning an authorization token if valid.
|
api_auth, This module validates an accounts api_key, returning an authorization token if valid.