API requests must be authenticated. The fluxcess API allows several authentication methods:

  • HTTP Auth
  • GET parameter
  • POST parameter
  • Session/Cookie after initial login
  • IP Address

Authentication via HTTP Auth

Example:

Request

GET /api/ping HTTP/1.1
Authorization: Basic *****

The http basic authentication consists of <login>:<pw>, base64 encoded.

Response

{
    "meta": {
        "statusCode": 200,
        "success": true
    },
    "content": "pong"
}

Authentication via GET parameters

Request

GET /api/ping?login=info@example.org&amp;pw=*** HTTP/1.1

Response

{
    "meta": {
        "statusCode": 200,
        "success": true
    },
    "content": "pong"
}

Authentication via POST Form parameters

Request

POST /api/ping HTTP/1.1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW

------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="login"

info@example.org
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="pw"

***
------WebKitFormBoundary7MA4YWxkTrZu0gW--

Response

{
    "meta": {
        "statusCode": 200,
        "success": true
    },
    "content": "pong"
}

Authentication via Cookie

After the first successful authentication, the Server returns a session id. This id can be used as a token for further requests. It expires after 10 minutes.

For on-premise installations, the expiration time needs to be adjusted via PHP session settings.

Authentication via IP address

Specified ip addresses can access the API without authentication. The config.local.php file contains four parameters:

$gs['INTERFACE_REMOTE_IPS'] = 'x.x.x.x,y.y.y.y';
$gs['INTERFACE_AUTOLOGIN_USERID'] = 1;
$gs['INTERFACE_AUTOLOGIN_EMAILADDRESS'] = 'info@example.org';
$gs['INTERFACE_AUTOLOGIN_CUSTOMERID = 1;