Skip to main content

Authentication (oAuth 2.0)

When an App wants to interact with our API it needs the get authenticated. We have made this easy by implementing an oAuth 2.0 flow. With this flow you don't need to exchange api keys with the user.

tip

Download our basic apps for Laravel and Vue JS to get started. We have already built in the authentication for you.

Authtoken

In every widget and the app default page you will get the ?authtoken=.... parameter. With this authtoken you can get an idToken and refreshToken.

Example Request

curl --location --request POST 'https://api.camping.care/v21/oauth/token' \
--form 'auth_token="..."'

Example Response

{
"kind":"identitytoolkit#VerifyCustomTokenResponse",
"idToken":"....JWTidToken",
"refreshToken":"....RefreshToken",
"expiresIn":"3600",
"isNewUser":false
}

API Request

Now the idToken can be used to query the API by sending it as a Bearer token. In the following request we will get the data of user that is logged in via oAuth 2.0.

info

For every app, public and private API key we will create a user with a set of rights (scopes) they can use to communicate with the API.

Example Request

curl --location --request GET 'https://api.camping.care/v21/users/me'
-H "Accept: application/json"
-H "Authorization: Bearer {idToken}"
-H "x-admin-id: {adminId}"

x-admin-id As a user can operate multiple administration an admin ID is required for mosts of the requests.

Refresh your idToken

Every JWT idToken is valid for one hour (3600 seconds). If the JWT idToken is expired you are able to refresh the JWT idToken via the refresh token endpoint. If you do this, you will get a new JWT idToken what you can use to authenticate to the API.

Example Request

curl --location --request POST 'https://api.camping.care/v21/oauth/refresh_token' \
--form 'refresh_token="..."'

Example Response

{
"access_token":"...AccessToken",
"expires_in":"3600",
"token_type":"Bearer",
"refresh_token":"...reFreshToken",
"id_token":"....idToken",
"user_id":"...userUid",
}