REST API Authorization: Difference between revisions
From Planfix
No edit summary |
No edit summary |
||
| Line 8: | Line 8: | ||
Each request must include a bearer HTTP authentication header. Authentication tokens are created in the section '''Account Management''' — '''Access to API''' — '''REST API''' and can only be restricted by specific access levels - scope: | Each request must include a bearer HTTP authentication header. Authentication tokens are created in the section '''Account Management''' — '''Access to API''' — '''REST API''' and can only be restricted by specific access levels - scope: | ||
https://s.pfx.so/pf/Pt/jwF7jI.png | |||
In the example on the screenshot, an authorization token is created, and when used, requests are made on behalf of the employee Vladislav Ivanov (i.e., requests for tasks only the contacts available to him). | In the example on the screenshot, an authorization token is created, and when used, requests are made on behalf of the employee Vladislav Ivanov (i.e., requests for tasks only the contacts available to him). | ||
Latest revision as of 15:58, 17 November 2023
Each request must include a bearer HTTP authentication header. Authentication tokens are created in the section Account Management — Access to API — REST API and can only be restricted by specific access levels - scope:
In the example on the screenshot, an authorization token is created, and when used, requests are made on behalf of the employee Vladislav Ivanov (i.e., requests for tasks only the contacts available to him).
If API access is required with the ability to modify all contacts, then a robot should be used for these purposes.
The bearer authorization header looks like this:
Authorization : Bearer 5d80e21cb3e12345678bdd568a2226d5
The authorization token is passed as a parameter for GET requests: access_token.