lacoctelera::routes::token

Module token_request


Request a new API token for the restricted endpoints.

§Description

This module includes the handlers that automate the process of requesting and delivering API access tokens.

§API Token

Some of the API’s endpoints are not open to public access and require clients to identify themselves. Restricted endpoints require an extra parameter as part of the request: the API token. The token is composed of two components: the client’s ID and the access token.

The backend uses that token to identify the client and to check whether it is approved to access the restricted endpoints.

§API Token Request

Anyone interested in using the restricted endpoints needs to request an API token. To ease that process, the backend exposes a dedicated endpoint that serves some simple HTML pages: /token/request. That endpoint is accessible via a web browser and includes a simple form that a client must fill in before issuing a token request.

The request is only partially registered in the system until the client verifies the email account used. After registering a new request, the backend sends an email with a validation link that remains available for a day. The client needs to visit that URL to complete the request process, because the real API token is generated during validation. It is shown only once to the client, and the hash gets stored in the DB. If the client fails to complete the validation process, or loses the token, the process needs to be restarted.

Once the email gets validated, the request is fully registered and sent for evaluation. The evaluation process is manual and involves the system administrator. The client is notified of the result by email. If the request gets approved, the client can start using the restricted endpoints with the token that was given at the end of the validation process.
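The flow above, written out as a compact Python model. This is an added example, not the crate's own Rust code. The `client_id:secret` token layout, SHA-256 as the stored hash, the single-use hashed validation code, and every function and field name are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time
import uuid

VALIDATION_TTL = 24 * 3600  # the validation link is available for a day

# In-memory stand-in for the DB table (hypothetical schema).
clients = {}


def register_request(email, now=None):
    """Partially register a request; returns (client_id, code for the emailed link)."""
    now = time.time() if now is None else now
    client_id, code = str(uuid.uuid4()), secrets.token_urlsafe(32)
    clients[client_id] = {
        "email": email,
        "code_hash": hashlib.sha256(code.encode()).hexdigest(),
        "expires": now + VALIDATION_TTL,
        "token_hash": None,  # filled in when the email is validated
        "approved": False,   # set by the administrator after manual review
    }
    return client_id, code


def validate_email(client_id, code, now=None):
    """Complete the request: mint the API token once and keep only its hash."""
    now = time.time() if now is None else now
    rec = clients.get(client_id)
    if rec is None or rec["code_hash"] is None or now > rec["expires"]:
        return None
    if not hmac.compare_digest(rec["code_hash"], hashlib.sha256(code.encode()).hexdigest()):
        return None
    secret = secrets.token_urlsafe(32)
    rec["token_hash"] = hashlib.sha256(secret.encode()).hexdigest()
    rec["code_hash"] = None  # single use: the link cannot mint a second token
    return f"{client_id}:{secret}"  # shown to the client once, never stored


def check_token(api_token):
    """Gate for restricted endpoints: known client, matching hash, approved."""
    client_id, sep, secret = api_token.partition(":")
    rec = clients.get(client_id)
    if not sep or rec is None or rec["token_hash"] is None:
        return False
    digest = hashlib.sha256(secret.encode()).hexdigest()
    return hmac.compare_digest(rec["token_hash"], digest) and rec["approved"]
```

Because only the hash is kept, a leaked table does not yield usable tokens, and a validated but not yet approved client is still rejected by `check_token`.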

Structs§