API Tokens

POST /oauth/token

Used to log in as a regular or facebook user

Logging in as regular user

Request

// headers
"Authorization", "Basic " + <Base64 encoding of CLIENT_ID:CLIENT_SECRET>
"Content-Type", "application/x-www-form-urlencoded; charset=utf-8"
"Accept", "application/json"

// urlencoded post body
grant_type=password
username=<user_email>
password=<user_password>

Response

{
  access_token: <token_string>,
  expires_in: <time_in_seconds>,
  token_type: 'bearer',
  user_id: <user_id>,
  created_at: <time_of_creation_as_integer>
}

Logging in as facebook user

• The request format is the same, except the username needs to be set to 'facebook', and the password is actually the Facebook access token retrieved by using whichever Facebook SDK or API the client uses.

// request format
{
  username: 'facebook',
  password: <facebook_access_token>
}

// response format
{
  access_token: <token_string>,
  expires_in: <time_in_seconds>,
  token_type: 'bearer',
  user_id: <user_id>
}