03.1.1. Authentication
Authentification
Nowayday, it's quite usual to authenticate the user via an API key (when developing a web service for instance). The API key is provided for every request and is passed as a query string parameter or via an HTTP header.
The API Key Authenticator
Authenticating a user based on the Request information should be done via a authentication mechanism.
Your exact situation may differ, but in this example, the token can be generated like this:
<?php
session_start();
$api_url = "www.staffITproCloudDemo.de/staffITproWebApi/";
$_SESSION["token"] = GetToken();
function GetToken()
{
GLOBAL $api_url;
$authString = sprintf('SIP sip_username=%s sip_password=%s sip_database=%s app_key=%s',
"TEP", //Username
"SIP*2009T", //Password
"staffITproWebApiDemo", //Database
"462EA3BCFD95444AB4C7B0C4B87EE2252B778E0065AE453C969383D2281F45036FC3B69D044F4997A23F9D1DF96BFF327E23910200E3474C899335E01F1A9EF9"); //App GUID
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, $api_url . 'Token/');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array(
'AppliesTo' => $api_url,
'TokenType' => "http://staffITpro.com/tokens/staffITproSecurityToken/type"
)));
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_HTTPHEADER, array(
'Accept: application/json',
'Content-Type: application/json',
'Authorization: ' . $authString
));
$result = json_decode(curl_exec($ch));
if (curl_errno($ch)) {
return curl_error($ch);
}
curl_close($ch);
if (isset($result->TokenId)) {
return $result->TokenId;
} else {
return $result;
}
}
?>