Authentication
For security and traceability reasons, most of the actions that can be performed on the API require authentication.
Access tokens
The Mobilic API uses access token authentication (accessToken): authenticated requests are those with a valid token.
OAuth and authorization
The tokens used are tokens generated by the API.
When an authenticated request reaches the API, the API checks the validity of the token. If the token is valid and not expired, the API will consider that the request comes from the user whose identity is associated with the token.
The API will then determine if the user is authorized to perform the requested operation before proceeding with the operation.
Different types of tokens
There are 2 types of access tokens:
Tokens linked to a user account: they allow you to make requests on behalf of a user, for any company the user is attached to.
Tokens linked to an attachment "User Account, Company": they allow you to make requests on behalf of a user, only for the related company.
These 2 token types enable you to perform the same requests, but use different retrieval methods. To choose the method that best fits your use case, you can explore each retrieval method, or contact the Mobilic team for advice.
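A minimal model of the checks described above, added here as an illustration and not Mobilic's implementation: the token is authenticated first (known and not expired), then the operation is authorized against the scope of the token type. The `Token` record, the in-memory store, the function names and the sample data are all assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional


@dataclass(frozen=True)
class Token:
    user_id: int
    expires_at: datetime
    # None: token linked to a user account (any company the user is attached to).
    # Set:  token linked to an attachment "User Account, Company" (that company only).
    company_id: Optional[int] = None


class AuthError(Exception):
    """Authentication failure: token unknown or expired."""


class Forbidden(Exception):
    """Authorization failure: valid token, operation outside its scope."""


def authenticate(store, raw_token, now):
    # Hypothetical store keyed by the raw token, for brevity only.
    token = store.get(raw_token)
    if token is None or now >= token.expires_at:
        raise AuthError("invalid or expired token")
    return token


def authorize(token, user_companies, target_company):
    # Both token types require the user to be attached to the target company.
    if target_company not in user_companies.get(token.user_id, set()):
        raise Forbidden("user is not attached to this company")
    # An attachment token is additionally pinned to a single company.
    if token.company_id is not None and token.company_id != target_company:
        raise Forbidden("token is limited to another company")


def handle(store, user_companies, raw_token, target_company, now):
    token = authenticate(store, raw_token, now)          # who is calling?
    authorize(token, user_companies, target_company)     # may they do this?
    return token.user_id


# Constructed sample data (not real tokens or identifiers).
NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)
STORE = {"user-tok": Token(1, NOW + timedelta(hours=1)),
         "emp-tok": Token(1, NOW + timedelta(hours=1), company_id=10),
         "old-tok": Token(1, NOW - timedelta(seconds=1))}
USER_COMPANIES = {1: {10, 20}}
```

Keeping the two failures distinct lets a client tell a token that must be renewed from a request that the token's scope will never allow.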
Tokens linked to a user account
You must add these two HTTP headers to your requests:
Name | Value |
---|---|
X-CLIENT-ID | client_id provided by Mobilic team |
Authorization | Bearer |
Tokens linked to an attachment
Name | Value |
---|---|
X-CLIENT-ID | client_id provided by Mobilic team |
X-EMPLOYMENT-TOKEN | |