...

All resource requests (API calls) require OAuth2 authentication.

...

Grant types expose multiple ways for a client to receive an access token. Currently supported grant types:

  1. Authorization Code: This grant type is used when the client wants to request access to protected resources on behalf of another user.
  2. Implicit: This grant type is similar to the Authorization Code grant type, but it is optimized for public clients, such as those implemented in JavaScript or on mobile devices, where client credentials cannot be stored.
  3. User Credentials: This grant type (a.k.a. Resource Owner Password Credentials) is used when the user has a trusted relationship with the client, and so can supply credentials directly.
  4. Client Credentials: This grant type is used when the client is requesting access to protected resources under its control (i.e. there is no third party).
  5. Refresh Token: This grant type is used to obtain additional access tokens in order to prolong the client’s authorization of a user’s resources.

Endpoints

Authorize Endpoint

The authorize endpoint requires the user to authenticate, then redirects back to the client with an authorization code (Authorization Code grant type) or an access token (Implicit grant type).

http://example.com/restful_api/authorize

...

The token endpoint uses the configured grant types to return an access token to the client.

http://example.com/restful_api/token

...

This project aims to create an easy-to-understand and well-tested framework for creating APIs. On this page, we explain the basics of using the phpFox RESTful API, such as sending and receiving data, serializing data in HTTP requests, and more.

...

Call the authorize endpoint to get the code.

http://example.com/restful_api/authorize?response_type=code&client_id=CLIENT_ID

...

Get Access Token

Get by Authorization Code

The authorization code can be used to receive an access token from the token endpoint.

$ curl -u CLIENT_ID:CLIENT_SECRET http://example.com/restful_api/token -d 'grant_type=authorization_code&code=AUTHORIZATION_CODE'

You will receive an access token:

{"access_token":"ACCESS_TOKEN","expires_in":86400,"token_type":"bearer","scope":null,"refresh_token":"REFRESH_TOKEN"}

...

Set the query string parameter response_type=token on the authorize endpoint.

http://example.com/restful_api/authorize?response_type=token&client_id=CLIENT_ID&redirect_uri=http://app.example.com/callback

...

http://app.example.com/callback#access_token=ACCESS_TOKEN&expires_in=86400&token_type=bearer

...

Send the user credentials directly to receive an access token.

$ curl -u CLIENT_ID:CLIENT_SECRET http://example.com/restful_api/token -d 'grant_type=password&email=USER_EMAIL&password=USER_PASSWORD'

URI Parameters: email, password

...

Example using HTTP Basic Authentication:

$ curl -u CLIENT_ID:CLIENT_SECRET http://example.com/restful_api/token -d 'grant_type=client_credentials'

Refresh token

A refresh token must be retrieved using the Authorization Code or User Credentials grant types. This refresh token can then be used to generate a new access token of equal or lesser scope.

$ curl -u CLIENT_ID:CLIENT_SECRET http://example.com/restful_api/token -d 'grant_type=refresh_token&refresh_token=REFRESH_TOKEN'

Access resources

To access resources, add the access token to the URI parameters or to the request header.

http://example.com/restful_api/blog?access_token=ACCESS_TOKEN

The response data is in JSON format. Read each API for more details.
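
An added example, not phpFox's own code: a Python client helper that validates the token endpoint's JSON response, tracks when the token expires, builds the refresh request body, and sends the access token in the request header rather than the URI so it stays out of server logs and browser history. The `Authorization: Bearer` header form and the `error` field follow RFC 6750 and RFC 6749 and are assumptions, since the page does not spell them out; all function names are hypothetical.

```python
import json
import time
import urllib.request
from urllib.parse import urlencode

API_BASE = "http://example.com/restful_api"  # base URL used on this page
# Constructed sample of a token endpoint response (placeholder values).
SAMPLE = ('{"access_token":"ACCESS_TOKEN","expires_in":86400,'
          '"token_type":"bearer","scope":null,"refresh_token":"REFRESH_TOKEN"}')

class TokenError(ValueError):
    """The token endpoint response cannot be used as a bearer token."""

def parse_token_response(body, now=None):
    """Validate the JSON body and turn expires_in into an absolute time."""
    data = json.loads(body)
    if not isinstance(data, dict) or "error" in data:  # assumed RFC 6749 error
        raise TokenError("token endpoint returned an error or non-object body")
    token = data.get("access_token")
    if not isinstance(token, str) or not token:
        raise TokenError("missing access_token")
    if str(data.get("token_type", "")).lower() != "bearer":
        raise TokenError("unexpected token_type")
    expires_in = data.get("expires_in")
    if not isinstance(expires_in, int) or expires_in <= 0:
        raise TokenError("missing or invalid expires_in")
    now = time.time() if now is None else now
    return {"access_token": token, "expires_at": now + expires_in,
            "refresh_token": data.get("refresh_token")}

def needs_refresh(tok, now=None, skew=60):
    """True once the token is within `skew` seconds of expiring."""
    now = time.time() if now is None else now
    return now >= tok["expires_at"] - skew

def refresh_form(tok):
    """Form body for the refresh_token grant shown on this page."""
    if not tok.get("refresh_token"):
        raise TokenError("no refresh token was issued for this grant")
    return urlencode({"grant_type": "refresh_token",
                      "refresh_token": tok["refresh_token"]})

def resource_request(path, tok):
    """Build a request with the token in the header, not in the URI."""
    req = urllib.request.Request(f"{API_BASE}/{path.lstrip('/')}")
    # Assumption: standard RFC 6750 header form.
    req.add_header("Authorization", "Bearer " + tok["access_token"])
    return req
```

The body returned by `refresh_form` is what the `curl -d` argument in the refresh token section carries; the client credentials still go in HTTP Basic authentication as shown there.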

Objects
