client id, key and account credential
Header: Authorization: "Basic base64(username:password)"
This is the only API which provides an access token in exchange for credentials. Note that all other APIs require authentication. This access token could be used to handle not logged in users. The moment user decides to log in, a new session token would be created for the users and this token needs to be used for all the operations going forward.
You might wonder where to place the username or email and password in order to authenticate. The answer is: In the request headers.
In order to authenticate with user credentials the previously mentioned json payload must have a header called: "Authorization" whose value must be the "Basic " + the result of encoding in Base64 the following string:
So in the end the Header would look something like this:
"Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ="
You can use the following link to understand Base64 encoding: https://www.base64encode.org/
Pay close attention to the resulting "access token" as it must be used in the header of all other requests in the future. However, on subsequent requests to other endpoints, the header key value will be named "Token ".
|Error Code||Error Description|
|400 - Bad Request||Missing |
|403 - Forbidden||Missing "Authorization" in header|