Skip to main content

Authentication

Authentication with the API is done using authorization tokens. Management of authorization tokens is performed using the following endpoints. Authentication is performed by setting the authorization token in a header.

For sites with public registration enabled, register and login requests must also provide an app id that uniquely identifies the application performing the requests. Contact the site administrator to request an app id.

Examples of authenticating via the API can be found in our GitHub repository. Additionally, here is an example using curl:

curl -H "Authorization: api AUTHTOKEN" \ 
     -H "X-App-Id: FEDCBA0987654321"

POST /user/token

Create an authorization token for an existing user account using the provided credentials.

POST /users/reset_password

Request a password reset for a given email. Given that the specified email address has an account, send a password reset link to the email address

POST /users

Register a new user account. You must be logged in as an Admin to create new user accounts on sites with public registration disabled.

DELETE /user/token

Log out the current user by deleting the authorization token.

POST /user/token/impersonate

Create an authorization token for the specified userid without specifying a password. Note: endpoint only accessible to authenticated admins.