API Endpoints

1. Authenticating a user
2. Redirect the user to the /api/authenticate endpoint with the token (your client ID), redirect (the URL to redirect to, must match "Redirect URI" above), and (optionally) state GET parameters. The user will be prompted to approve app access, and then will be redirected back to your app with the authorization and state GET parameters. You must then send a request to /api/get_user_token (see below) to get a user token.
3.  
4. Use the user token value as the token below, unless the endpoint is documented as requiring your client secret instead. The user token (or client secret, if applicable) can be provided as either the Token HTTP header (recommended) or as the token GET parameter. All endpoints return JSON.
5.  
6. The user token expires 24 hours after it is granted; after that, you'll have to re-authenticate the user. Attempting to use invalid client IDs, user tokens, or client secrets will return 401 Not Authorized. Invalid endpoints will return 404 Not Found.
7. GET /api/get_user_token
8. Get a user token from an authentication token.
9. Note: requires a client secret. This should only be executed on your secure, remote server. Do not ship client secrets as part of a client-side app!
10.  
11. authorization The authorization token from the initial grant request
12.  
13. Example request:
14.  
15. authorization=58395fbcea6a76047df906f4bd564b7480b46943a723b24da2
16.  
17.  
18. Example response:
19.  
20. 200 OK
21.  
22. {
23. "token": "39bef4adff93d7e706b7dc8661ba8c60e5844b6b79c26cb019"
24. }
25.  
26. GET /api/user
27. Gets a user's information after you've authenticated them.
28.  
29. No parameters.
30.  
31. Example response:
32.  
33. 200 OK
34.  
35. {
36. "username": "antigravities",
37. "uid": 1,
38. "roles": [
39. "administrator"
40. ]
41. }
42.  
43.  
44. GET /api/coins
45. Gets the number of loyalty credits a user has.
46.  
47. No parameters.
48.  
49. Example response:
50.  
51. 200 OK
52.  
53. {
54. "uid": 1,
55. "coins": 100
56. }