
Authentication

Onur Akpolat edited this page Oct 18, 2016 · 1 revision

Authentication to the API occurs via HTTP Basic Auth. Provide your app token as the basic auth username and the session token as the password.

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. You must authenticate for all requests.

App token

You authenticate to the Tapglue API by providing one of your app tokens in the request header. First, create an application in the dashboard to get an application key. You can manage your account's app tokens in the dashboard's applications section. Your tokens carry many privileges, so be sure to keep them secret!

It is very important that you keep your tokens secret. Treat them in the most secure way.

Session token

All requests, except creating users, require a session token. If you are using our user management, we will provide the token to you after you log in via the user/login endpoint.

If you have your own user management, your backend will have to create the session token. Stay tuned, we'll show you how to do it here soon!

We handle everything you need for your user management. If you still want to use your own or already have one, we support you with everything you need to get started and integrate with our API.

If you decide to use your own user management, get in touch with us and we will show you how to create the SESSION_TOKEN from your backend.

Example

curl https://api.tapglue.com \
  -u APP_TOKEN:SESSION_TOKEN

Backend token

Besides the regular app token that you can retrieve from our dashboard after creating an app, we also provide a BACKEND_TOKEN. That token allows you to interact with the Tapglue API without logging in users, and thus without the need for a SESSION_TOKEN. When using a BACKEND_TOKEN you have to pass the USER_ID instead. The following example shows authentication with a BACKEND_TOKEN:

curl https://api.tapglue.com \
  -u BACKEND_TOKEN:USER_ID

As named, the BACKEND_TOKEN is meant to only be used from your backend. It removes the necessity of logging in users and therefore is very powerful. Treat this token with the highest possible caution.
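
The curl calls above put the token pair on the command line, where it lands in shell history and is visible in the process list. The wrapper below is an added example, not Tapglue's own code: it passes the credentials to curl on stdin and refuses any non-HTTPS URL. The function names and the TAPGLUE_APP_TOKEN / TAPGLUE_SESSION_TOKEN environment variables are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example. Function and environment variable names are hypothetical.

# Basic Auth is only base64-encoded, so reject any URL that is not HTTPS.
tapglue_require_https() {
  case "$1" in
    https://*) return 0 ;;
    *) echo "refusing non-HTTPS URL: $1" >&2; return 1 ;;
  esac
}

# Escape backslashes and double quotes for a quoted curl config value.
tapglue_escape() {
  printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Emit a curl config fragment carrying the credential pair.
# Piped into `curl --config -`, the tokens never appear in curl's argv.
tapglue_curl_config() {
  printf 'user = "%s:%s"\n' "$(tapglue_escape "$1")" "$(tapglue_escape "$2")"
  # Let curl itself refuse every protocol except HTTPS as well.
  printf 'proto = "=https"\n'
}

# GET a Tapglue URL with APP_TOKEN:SESSION_TOKEN taken from the environment.
# For backend use, export the BACKEND_TOKEN and USER_ID in the same two
# variables instead; the pair is sent the same way.
tapglue_get() {
  url=$1
  tapglue_require_https "$url" || return 1
  if [ -z "${TAPGLUE_APP_TOKEN:-}" ] || [ -z "${TAPGLUE_SESSION_TOKEN:-}" ]; then
    echo "TAPGLUE_APP_TOKEN and TAPGLUE_SESSION_TOKEN must be set" >&2
    return 1
  fi
  tapglue_curl_config "$TAPGLUE_APP_TOKEN" "$TAPGLUE_SESSION_TOKEN" |
    curl --silent --show-error --fail --config - "$url"
}
```

Load the tokens into the environment from a secret store or a file readable only by the service account, then call `tapglue_get https://api.tapglue.com`.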
