To protect the confidentiality of api tokens and other parameters such as back-end servers, i.e. instead of passing all parameters individually (Editor URL parameters ), partners can generate a session token for their selected parameters and call the editor with the session token. Usage of the token service will become mandatory eventually and is recommended for all partners.
Generate token endpoint
POST :
https://tokens.kudo.graebert.com/generate
Header :
Pass your api-key x-api-key
Content-type:application/json, x-api-key: api-key
Body :
Contains all URL parameters (Editor URL parameters ) as JSON body
{
"auth" : "apiKey",
"file" : "filePath",
"userId" : "userId",
"server": "serverId",
"param": "value"
}
Result :
If successful, the service will return a 200 status code with the token and expiration time.
status: 200 Ok
{
"token": "bbf18f21-3d0d-4a4c-b650-9c14d4075ce0",
"expiration_time": 1595917409
}
On error, the service will return a 403 error code with a descriptive error message.
status: 403 Forbidden
{
Wrong token
}
Token validation
You can optionally validate a token with the verification end point
GET:
https://tokens.kudo.graebert.com/verify
Header :
Pass the generated token with x-api-token header
Content-type:application/json, x-api-token: apiToken
Result :
If successful, the service will return a 200 status code with the selected url parameters.
Status: 200 OK
{
"auth" : "apiKey",
"file" : "filePath",
"userId" : "userId",
"server": "serverId",
"param": "value"
}
On error, the service will return a 403 error code with a descriptive error message.
status: 403 Forbidden
{
Wrong token
}