.. _authentication:

Authentication
==============

To authenticate with the API you will need a suitably configured administrator account, with the relevant permissions for the actions you wish to perform.  

Administrator accounts can be created and configured here::

    https://admin.caremessenger.co.uk


Obtaining the API token for a user
----------------------------------

To obtain the API token for a user you can send a HTTP POST request to the following URL::

    https://api.caremessenger.co.uk/api-token-auth/


This endpoint will return a JSON response when valid username and password fields are POSTed using form data or JSON::

    {
	"token": "eyJ0eXAiOiJKV1QiLCJdfdGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo4MjksInVzZXJuYW1lIjoic3RhZ2luZ19zdXBwb3J0ZXIiLCJleHAiOjE2OTE0NDMzODYsImVtYWlsIjoic3RhZ2luZy1zdXBwb3J0ZXJAc3VwLmNvbSIsIm9yaWdfaWF0IjoxNjc1ODkxMzg2fQ.hW1HGaUa9GeFxuxXGouMzBApEaAl4rCjtkrD24lpS4s",
        "user": {
            "id": 829,
            "online": false,
            "user_type": "supporter",
            "username": "staging_supporter",
            "email": "staging-supporter@sup.com",
            "slug": "staging_supporter",
            "first_name": "Staging",
            "last_name": "Supporter",
            "is_active": true,
            "date_joined": "2015-06-04T10:39:15.947944Z",
            "locale": "en-GB",
            "time_zone": "Europe/London",
            "avatar": "https://infotube-api-staging.s3.amazonaws.com:443/users/avatars/f3ef3adac18abf5a241f97208f5679da2da63415.jpg",
            "avatar_original": "https://infotube-api-staging.s3.amazonaws.com:443/users/avatars/f3ef3adac18abf5a241f97208f5679da2da63415.jpg",
            "avatar_thumb": "https://infotube-api-staging.s3.amazonaws.com:443/CACHE/images/users/avatars/f3ef3adac18abf5a241f97208f5679da2da63415/43309b841ae7103e7bf57dbc2b202e11.jpg",
            "avatar_large": "https://infotube-api-staging.s3.amazonaws.com:443/CACHE/images/users/avatars/f3ef3adac18abf5a241f97208f5679da2da63415/5d8a88760bcc4dcf265e4b2e8efe8311.jpg"
        }
    }


Making Requests
---------------

When making requests to the API, a HTTP authorization header must be sent with each request.  This authorization header must contain the API token for the user you wish to authenticate with::

    Header Name: Authorization
    Body: Bearer eyJ0eXAiOiJKV1QiLCJdfdGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo4MjksInVzZXJuYW1lIjoic3RhZ2luZ19zdXBwb3J0ZXIiLCJleHAiOjE2OTE0NDMzODYsImVtYWlsIjoic3RhZ2luZy1zdXBwb3J0ZXJAc3VwLmNvbSIsIm9yaWdfaWF0IjoxNjc1ODkxMzg2fQ.hW1HGaUa9GeFxuxXGouMzBApEaAl4rCjtkrD24lpS4s

.. admonition:: Note

    To be clear, the body of the header should contain the word 'Bearer', then a space, then the token itself::

        Bearer eyJ0eXAiOiJKV1QiLCJdfdGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjo4MjksInVzZXJuYW1lIjoic3RhZ2luZ19zdXBwb3J0ZXIiLCJleHAiOjE2OTE0NDMzODYsImVtYWlsIjoic3RhZ2luZy1zdXBwb3J0ZXJAc3VwLmNvbSIsIm9yaWdfaWF0IjoxNjc1ODkxMzg2fQ.hW1HGaUa9GeFxuxXGouMzBApEaAl4rCjtkrD24lpS4s