1 | 1 | # Login API |
2 | 2 |
|
3 | | -See the [Quick start](quickstart.md) for login instructions. |
| 3 | +See the [Quick start](quickstart.md) for more information. |
| 4 | + |
| 5 | +This document provides linux bash commands to demonstrate how to: |
| 6 | +- Use the credentials we supply you to get an access token |
| 7 | + |
| 8 | +We assume: |
| 9 | +- Linux terminal |
| 10 | +- The jq and curl programs are installed |
| 11 | + |
| 12 | +You only need to get an access token once every 24 hours. |
| 13 | +Use the access token for all subsequent requests within 24 hours. |
| 14 | +When the access token expires, the APIs respond with a message indicating such. |
| 15 | +For example: |
| 16 | + |
| 17 | +```json |
| 18 | +{"message":"The incoming token has expired"} |
| 19 | +``` |
| 20 | + |
| 21 | +Use this as a trigger to request a new access token. |
| 22 | + |
| 23 | +Below is an example of obtaining an access token for calling the Cibolabs API. |
| 24 | + |
| 25 | +The example assumes you’ve set two environment variables, |
| 26 | +CIBO_CLIENT_ID and CIBO_CLIENT_SECRET, in your shell session. |
| 27 | + |
| 28 | +```bash |
| 29 | +# Create a base64 encoded version of your client ID and secret |
| 30 | + |
| 31 | +CREDENTIALS=$(printf "%s:%s" "$CIBO_CLIENT_ID" "$CIBO_CLIENT_SECRET" | base64 -w 0) |
| 32 | + |
| 33 | +# Exchange your credentials for an access token |
| 34 | + |
| 35 | +TOKEN=$(curl -s -X POST \ |
| 36 | + -H "Content-Type: application/x-www-form-urlencoded" \ |
| 37 | + -H "Authorization: Basic ${CREDENTIALS}" \ |
| 38 | + -d "grant_type=client_credentials" \ |
| 39 | + "https://login.cibolabs.com/oauth2/token" \ |
| 40 | + | jq -r '.access_token') |
| 41 | + |
| 42 | +``` |
| 43 | + |
| 44 | +If successful, the `TOKEN` variable holds the access token. |
| 45 | + |
| 46 | +# Security Considerations |
| 47 | + |
| 48 | +Do not allow your CIBO_CLIENT_ID and CIBO_CLIENT_SECRET values to be accessible on the public internet. |
| 49 | +Once these leak attackers will be able to use these values to make calls to the Cibolabs |
| 50 | +API at your expense. You will be liable for charges related to API calls by anyone with these values. |
| 51 | + |
| 52 | +In particular: |
| 53 | +- Do not place these within Javascript or HTML or any other file transmitted to the user's browser. Users |
| 54 | +will be able to retrieve these values by viewing the source code of your site. This access token should |
| 55 | +only be obtained by your server and then transmitted to the browser. Since an access token expires the |
| 56 | +likelihood of unauthorised access is low. |
| 57 | +- Keep the values of CIBO_CLIENT_ID and CIBO_CLIENT_SECRET private to your server |
| 58 | +- If keeping the values of CIBO_CLIENT_ID and CIBO_CLIENT_SECRET in a source control file please |
| 59 | +ensure that your source control is private and access is only possible by authorised people. MFA |
| 60 | +should be enabled on your source control as an extra level of security |
| 61 | + |
| 62 | + |
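Review bot: the sentence under Security Considerations, "Since an access token expires the likelihood of unauthorised access is low", undercuts the threat model the same section sets out two paragraphs earlier: a bearer token forwarded to the browser can be read by anyone using the site and replayed against the API for the rest of its lifetime, which this document puts at 24 hours, so the "charges related to API calls by anyone with these values" exposure applies to the token too, only for a bounded window. Either have the server proxy the API calls and never hand the token to the client, or reword to say the exposure is bounded by the token lifetime rather than calling it low. Three smaller points in the same hunk. First, the script never checks that the exchange succeeded: with `-s` and no `--fail`, a non-2xx response body is piped into `jq -r '.access_token'`, `TOKEN` becomes the literal string `null`, and "If successful, the `TOKEN` variable holds the access token" has nothing backing it; add `-sS --fail` to the curl call and test `[ -n "$TOKEN" ] && [ "$TOKEN" != null ]` before using the value. Second, the `CREDENTIALS=$(printf "%s:%s" "$CIBO_CLIENT_ID" "$CIBO_CLIENT_SECRET" | base64 -w 0)` step plus the manual `Authorization: Basic` header can be replaced by `-u "$CIBO_CLIENT_ID:$CIBO_CLIENT_SECRET"`, which is curl's built-in Basic auth and also avoids the GNU-only `-w 0` flag; with either form the credential is visible in the process argument list to other local users, so on shared hosts it is safer to read it from a mode-0600 curl config file via `-K`. Third, "once every 24 hours" hard-codes a lifetime the server controls; an OAuth 2.0 token response carries `expires_in` (seconds, RFC 6749 section 5.1), and readers should refresh from that, keeping the `{"message":"The incoming token has expired"}` response as the fallback trigger. On the source-control bullet, the stronger guidance is not to commit the values at all: keep them in environment variables or a secrets store, and rotate the secret if they ever land in a repository, private or not.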