# REST API

WARNING

The REST API can give you access to all your users and accounts, which means you can pretty much do anything to anyone. If you use shared-secret access, guard the secret carefully.

The simple-auth REST API allows you to do everything (and more) that the UI allows a user to do. Internally, when a user logs in to the UI, they are given access to the REST API (but of course, only to their own details).

A second way to access the REST API is via shared-secret credentials. This gives the holder of the secret access to do anything to any account credentials.

# Accessing the API

Accessing the API is as simple as making an HTTP request to the resource, with two headers:

  • Authorization: add your SharedKey to the authorization header
  • X-Account-UUID: specifies which account resource you're operating on (for endpoints that require it)

For example, your request might look something like this:

```http
GET /api/v1/account HTTP/1.1
Authorization: SharedKey my-shared-secret
X-Account-UUID: c270e7e0-47a2-11eb-b378-0242ac130002
```

# Example API Call

Here's an example of getting the details of a user's account via the /api/v1/account endpoint.

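```javascript
#!/usr/bin/env node
const axios = require('axios');

// The shared secret grants access to every account; keep real values out of source control.
const sharedSecret = 'test';
const baseUrl = 'http://localhost:9002';

const headers = {
  // Shared-secret credentials go in the Authorization header.
  Authorization: `SharedKey ${sharedSecret}`,
  // The account this request operates on.
  'X-Account-UUID': 'e4fe94ae-0cfd-44e1-878d-b93a25e38fab',
};

axios.get(`${baseUrl}/api/v1/account`, { headers })
  .then((resp) => {
    console.dir(resp.data);
  }).catch((err) => {
    console.log(err.message);
    // Print the API's error body when the server responded.
    if (err.response) {
      console.dir(err.response.data);
    }
  });
```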
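Because the shared secret travels in the Authorization header of every request, a client should keep it out of source code and off plaintext links. The helper below is an added example, not part of simple-auth or the original page; the `SIMPLE_AUTH_SHARED_SECRET` environment variable and the function names `buildSharedKeyRequest` and `redactHeaders` are assumptions.

```javascript
// Added example: builds the URL and headers for the shared-secret scheme described above.
// SIMPLE_AUTH_SHARED_SECRET is an assumed variable name, not one defined by simple-auth.
const UUID_RE = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

function buildSharedKeyRequest(baseUrl, path, { accountUuid, env = process.env } = {}) {
  const secret = env.SIMPLE_AUTH_SHARED_SECRET;
  if (!secret) throw new Error('shared secret is not set in the environment');
  // A CR or LF in the secret would let it break out of the header line.
  if (/[\r\n]/.test(secret)) throw new Error('shared secret contains a line break');

  const base = new URL(baseUrl);
  const url = new URL(path, base);
  // A path such as "//other-host/x" would silently redirect the secret elsewhere.
  if (url.origin !== base.origin) throw new Error('path must stay on the base origin');
  // Plaintext HTTP is accepted only for loopback, as in the localhost example above.
  const loopbackHttp = url.protocol === 'http:' && LOOPBACK.has(url.hostname);
  if (url.protocol !== 'https:' && !loopbackHttp) {
    throw new Error('refusing to send the shared secret over plaintext HTTP');
  }

  const headers = { Authorization: `SharedKey ${secret}` };
  if (accountUuid !== undefined) {
    if (!UUID_RE.test(accountUuid)) throw new Error('X-Account-UUID is not a UUID');
    headers['X-Account-UUID'] = accountUuid;
  }
  return { url: url.href, headers };
}

// Copy of the headers that is safe to write to logs or error reports.
function redactHeaders(headers) {
  return { ...headers, Authorization: 'SharedKey [redacted]' };
}
```

The returned `url` and `headers` can be passed to `axios.get(url, { headers })` as in the call above.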

# Full API Docs

You can read more about the exposed API calls in the API Documentation.