Authentication (oAuth 2.0)
When an app wants to interact with our API, it needs to get authenticated. We have made this easy by implementing an oAuth 2.0 flow. With this flow you don't need to exchange API keys with the user.
Authtoken
In every widget and on the app default page you will get the ?authtoken=.... parameter. With this authtoken you can get an idToken and refreshToken.
Example Request
curl --location --request POST 'https://api.camping.care/v21/oauth/token' \
--form 'auth_token="..."'
Example Response
{
"kind":"identitytoolkit#VerifyCustomTokenResponse",
"idToken":"....JWTidToken",
"refreshToken":"....RefreshToken",
"expiresIn":"3600",
"isNewUser":false
}
API Request
Now the idToken can be used to query the API by sending it as a Bearer token. In the following request we will get the data of the user who is logged in via oAuth 2.0.
For every app, public and private API key we will create a user with a set of rights (scopes) they can use to communicate with the API.
Example Request
curl --location --request GET 'https://api.camping.care/v21/users/me' \
-H "Accept: application/json" \
-H "Authorization: Bearer {idToken}" \
-H "x-admin-id: {adminId}"
x-admin-id
As a user can operate multiple administrations, an admin ID is required for most of the requests.
Refresh your idToken
Every JWT idToken is valid for one hour (3600 seconds). If the JWT idToken has expired, you can refresh it via the refresh token endpoint. If you do this, you will get a new JWT idToken that you can use to authenticate to the API.
Example Request
curl --location --request POST 'https://api.camping.care/v21/oauth/refresh_token' \
--form 'refresh_token="..."'
Example Response
{
"access_token":"...AccessToken",
"expires_in":"3600",
"token_type":"Bearer",
"refresh_token":"...reFreshToken",
"id_token":"....idToken",
"user_id":"...userUid"
}
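The two example responses above name their fields differently (idToken, refreshToken, expiresIn versus id_token, refresh_token, expires_in) and return the lifetime as a string. The following Python is an added example, not code from the API provider: it maps both shapes to one record, keeps the tokens in memory, and refreshes before the one-hour expiry. The names normalize, TokenStore and refresh_call and the 60-second margin are assumptions; refresh_call stands for your own function that POSTs to the refresh_token endpoint and returns the parsed JSON.

```python
import time

# Field names exactly as they appear in the two example responses on this page.
FIELD_ALIASES = {
    "id_token": ("idToken", "id_token"),
    "refresh_token": ("refreshToken", "refresh_token"),
    "expires_in": ("expiresIn", "expires_in"),
}

def normalize(resp, now=None):
    """Map either response shape to one dict with an absolute expiry time."""
    now = time.time() if now is None else now
    out = {}
    for key, names in FIELD_ALIASES.items():
        value = next((resp[n] for n in names if resp.get(n)), None)
        if value is None:
            raise ValueError(f"token response is missing {key}")
        out[key] = value
    # Both examples return the lifetime as a string ("3600"), so convert it.
    out["expires_at"] = now + int(out.pop("expires_in"))
    return out

class TokenStore:
    """Holds tokens in memory and refreshes shortly before the idToken expires."""

    def __init__(self, tokens, refresh_call, skew=60):
        self.tokens = tokens              # output of normalize()
        self.refresh_call = refresh_call  # hypothetical: refresh_token -> parsed JSON
        self.skew = skew                  # assumed safety margin in seconds

    def headers(self, admin_id, now=None):
        """Return the request headers shown in the page's /users/me example."""
        now = time.time() if now is None else now
        if now >= self.tokens["expires_at"] - self.skew:
            fresh = self.refresh_call(self.tokens["refresh_token"])
            self.tokens = normalize(fresh, now)  # also stores the new refresh token
        return {
            "Accept": "application/json",
            "Authorization": "Bearer " + self.tokens["id_token"],
            "x-admin-id": str(admin_id),
        }

# Constructed sample values; real tokens come from the two endpoints above.
if __name__ == "__main__":
    first = normalize({"idToken": "id-A", "refreshToken": "rt-A", "expiresIn": "3600"})
    store = TokenStore(first, lambda rt: {"id_token": "id-B", "refresh_token": "rt-B", "expires_in": "3600"})
    print(store.headers("123"))
```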