Authentication and authorization
To interact with most of the API, a client must be authenticated and authorized to access the requested resource.
Bearer Login Auth
The main means of authentication is access tokens called Bearer logins.
Treat bearer login access tokens as if they were passwords.
These tokens can be generated using the related credentials-management app.
They must be included in the HTTP Authorization header of the request:
Authorization: Bearer <access_token>
Each token is tied to a user and a scope; most endpoints state the scope they require.
You can create many bearer logins, each with its own scopes and label.
URL Signature Auth
This auth mechanism is an alternative to Bearer Login Auth for downloading protected attachment files when providing custom HTTP headers is not feasible, for instance when the URL of an image file is used as an attribute of an img HTML tag.
For this, a short-lived JWT (JSON Web Token) is generated, with an expiry of 10 minutes, which must then be appended to the attachment file URL as the query parameter jwt.
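The following is an added illustration of the URL signature flow, not code from the API or its app: it mints a JWT with the documented 10-minute expiry, appends it to an attachment URL as the jwt query parameter, and verifies it on the receiving side. The HS256 algorithm, the secret, the claim names and the sample URL are assumptions; the real service may use different ones.

```python
# Added example (not the API's own code). Assumptions: HS256 signing, a
# constructed secret, "sub"/"iat"/"exp" claims; only the 10-minute expiry and
# the "jwt" query parameter name come from the documentation.
import base64, hashlib, hmac, json, time
from typing import Optional
from urllib.parse import parse_qs, urlencode, urlparse, urlunparse

SECRET = b"example-secret-do-not-use"  # constructed placeholder key
TTL_SECONDS = 600                      # 10 minutes, per the documentation

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def mint_jwt(attachment_id: str, now: Optional[int] = None) -> str:
    """Server side: issue a short-lived token bound to one attachment."""
    now = int(time.time()) if now is None else now
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": attachment_id, "iat": now, "exp": now + TTL_SECONDS}
    payload = _b64url(json.dumps(claims).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url(sig)}"

def sign_url(url: str, token: str) -> str:
    """Client side: append (or replace) the jwt query parameter, keeping others."""
    parts = urlparse(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query["jwt"] = [token]
    return urlunparse(parts._replace(query=urlencode(query, doseq=True)))

def verify_url(url: str, attachment_id: str, now: Optional[int] = None) -> bool:
    """Server side: accept only an untampered, unexpired token for this attachment."""
    now = int(time.time()) if now is None else now
    token = parse_qs(urlparse(url).query).get("jwt", [None])[0]
    if not token or token.count(".") != 2:
        return False
    header, payload, sig = token.split(".")
    # Pin the algorithm so a forged header cannot downgrade verification.
    if json.loads(_b64url_decode(header)).get("alg") != "HS256":
        return False
    expected = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(_b64url_decode(sig), expected):
        return False
    claims = json.loads(_b64url_decode(payload))
    return claims.get("sub") == attachment_id and claims.get("exp", 0) > now
```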
Login Auth
This auth mechanism is intended for internal use within the app that manages credentials and Bearer logins. With it, access tokens are generated by providing a valid username and password, but these tokens do not have a scope as they do with Bearer Login Auth.
In addition, some endpoints that use Login Auth are reserved only for administrator users.