HTTP REST Authentication - Medisana/vitadock-api GitHub Wiki
| Action | Token | Resource | Return |
| --- | --- | --- | --- |
| Register desktop/mobile application (POST request) | Application Token (signed with Application Secret) | https://cloud.vitadock.com/auth/devices Additional Header parameter: device_id=[internal hardware id] | oauth_token=[token]&oauth_token_secret=[secret] |
| Generate a unique device id (not necessary for the server, only if needed on the client side) (GET request) | | https://cloud.vitadock.com/auth/devices/generate Additional URL parameter: type=[internally configured device type] | [unique device id] |
| Request unauthorized access token (POST request) | Application/Device Token (signed with Application/Device Secret) | https://cloud.vitadock.com/auth/unauthorizedaccesses | oauth_token=[token]&oauth_token_secret=[secret] |
| Request authorized access token (POST request) | Application/Device Token, Unauthorized Access Token, Verifier Token (signed with Application/Device Secret, Unauthorized Access Secret) | https://cloud.vitadock.com/auth/accesses/verify | oauth_token=[token]&oauth_token_secret=[secret] |
| Invalidate access token (POST request) | Application/Device Token, Access Token (signed with Application/Device Secret, Access Secret) | https://cloud.vitadock.com/auth/accesses/logout | |
| Redirect browser to login page (GET request) | Unauthorized Access Token (unsigned) | https://cloud.vitadock.com/desiredaccessrights/request?oauth_token=[Unauthorized Access Token] | - (After the user has logged in and given permission, the server will do a GET Request on the callback URL of the application that was configured on the web interface) |
| Redirect browser to signup page (GET request) | Unauthorized Access Token (unsigned) | https://cloud.vitadock.com/signup?oauth_token=[Unauthorized Access Token] | - (After the user has registered, activated his email address, logged in and given permission, the server will do a GET Request on the callback URL of the application that was configured on the web interface) |
| Receive verifier token (GET request) | Unauthorized Access Token, Verifier Token (unsigned, might be signed in future versions) | [callback URL of your application]?oauth_token=[Unauthorized Access Token]&oauth_verifier=[Verifier Token] | - |
| Receive notification about a denied permission request (GET request) | Unauthorized Access Token, Verifier Token (unsigned, might be signed in future versions) | [callback URL of your application]?oauth_token=[Unauthorized Access Token]&deny=true | - |
| Receive push notification (GET request) | Access Token (signed with Application/Device Secret, Access Secret) | [subscription URL of your application]?module_id=[id of the affected module] (The request contains the authorization header signed by the VitaDock Online Server which can be used by the Consumer to identify the user (oauth_token in the Authorization header) and (optionally) to verify the origin of the request) | - |

Please note:
- For module fields please see wiki pages about the DATA MODEL
- module name is one of the following: "cardiodocks", "glucodockglucoses", "glucodockinsulins", "glucodockmeals", "targetscales" or "thermodocks"
- Your application should check incoming requests on your callback and subscription URL for proper Authorization Headers. This way you can ensure that the data comes from an authorized source and no third party abuses your service.
- module_id refers to one of the following: 0: Cardiodock, 1: Glucodock (glucose), 2: Glucodock (insulin), 3: Glucodock (meal), 4: Targetscale, 5: Thermodock, ...
- If the user deletes the access token, the server sends a notification with module_id=-1
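
The Authorization header check recommended above for the subscription URL, as an added example that is not part of the VitaDock wiki or SDK. It assumes the server signs push requests per OAuth 1.0 (RFC 5849) with HMAC-SHA256 and the key `application secret&access secret`; the signature method, the `consumer.example` URL and all function names are assumptions or constructed values.

```python
import base64, hashlib, hmac, re
from urllib.parse import parse_qsl, quote, unquote, urlsplit

# module_id values listed on this page; -1 means the user deleted the access token
MODULES = {0: "cardiodocks", 1: "glucodockglucoses", 2: "glucodockinsulins",
           3: "glucodockmeals", 4: "targetscales", 5: "thermodocks"}

def _enc(value):
    return quote(str(value), safe="-._~")  # RFC 3986 unreserved characters only

def parse_auth_header(header):
    """Split 'OAuth k="v", ...' into a dict of percent-decoded values."""
    if not header.startswith("OAuth "):
        raise PermissionError("missing OAuth Authorization header")
    return {k: unquote(v) for k, v in re.findall(r'(\w+)="([^"]*)"', header[6:])}

def sign(method, url, params, app_secret, access_secret, digest=hashlib.sha256):
    """RFC 5849 section 3.4 signature. HMAC-SHA256 is an assumption."""
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    norm = "&".join(f"{k}={v}" for k, v in sorted((_enc(k), _enc(v)) for k, v in params))
    base = "&".join([method.upper(), _enc(base_url), _enc(norm)])
    key = f"{_enc(app_secret)}&{_enc(access_secret)}".encode()
    return base64.b64encode(hmac.new(key, base.encode(), digest).digest()).decode()

def verify_push(url, header, app_secret, access_secrets):
    """Return (oauth_token, event) for a correctly signed push, else raise."""
    oauth = parse_auth_header(header)
    token = oauth.get("oauth_token", "")
    if token not in access_secrets:
        raise PermissionError("unknown access token")
    query = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    signed = query + [(k, v) for k, v in oauth.items()
                      if k not in ("oauth_signature", "realm")]
    expected = sign("GET", url, signed, app_secret, access_secrets[token])
    received = oauth.get("oauth_signature", "")
    if not hmac.compare_digest(expected.encode(), received.encode()):  # constant time
        raise PermissionError("signature mismatch")
    module_id = int(dict(query)["module_id"])
    return token, "access_token_deleted" if module_id == -1 else MODULES.get(module_id, "unknown")

def sample_push(module_id, app_secret, token, access_secret):
    """Build a constructed, correctly signed push request for testing."""
    url = f"https://consumer.example/subscription?module_id={module_id}"
    oauth = {"oauth_token": token, "oauth_nonce": "constructed-nonce",
             "oauth_timestamp": "1700000000", "oauth_signature_method": "HMAC-SHA256"}
    params = [("module_id", str(module_id))] + list(oauth.items())
    oauth["oauth_signature"] = sign("GET", url, params, app_secret, access_secret)
    return url, "OAuth " + ", ".join(f'{k}="{_enc(v)}"' for k, v in oauth.items())
```

A production handler would also reject stale `oauth_timestamp` values and reused `oauth_nonce` values so that a captured notification cannot be replayed.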