The Core API offers two authentication mechanisms: API Keys and OAuth 2. API Key authentication is the preferred method as it doesn't require any extra authentication calls. API keys do not expire, unlike the token gained via OAuth 2. Whichever method you use, the same usage limits apply.
API Keys
These provide great security whilst minimising the authentication complexity. The API key should be passed in the Authorization header in every request. Follow this guide to generate an API key. We recommend using a different API key for each system connected to Patchworks. You can create as many as you need. Once you no longer use a key, please revoke it. Requests using invalid API keys will return a 401 response.
OAuth 2 (Client Credentials)
Your account username and password can be exchanged for a token, which is then sent in the Authorization header to authenticate requests. This follows a simplified client credentials flow. The first request should be:
POST /fabric/api/login HTTP/1.1
Host: app.wearepatchworks.com
Content-Type: application/json
Accept: application/json

{"username":"[email protected]","password":"a1b2c3d4e5f6"}
A successful response will return the following content with a 200 status code:
{"message":"You have successfully logged in.","token":"eyJ0eXAiOiJKV......","expires_in":86400}
The content of the token field should be used as your access token in the Authorization header, prefixed with the term Bearer to indicate the token type:
Authorization: Bearer eyJ0eXAiOiJKV......
Authentication tokens expire after the length of time indicated in the response (in seconds). An invalid or expired token will result in a 401 status code being returned. You should reauthenticate to get a new token.
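The token lifecycle described above (log in, reuse the token until expires_in runs out, re-authenticate on a 401), as an added example that is not Patchworks' own client code. The https scheme, the 60-second renewal margin and the injectable `send` and `clock` parameters are assumptions made so the logic can be exercised offline.

```python
import json
import time
import urllib.error
import urllib.request

BASE_URL = "https://app.wearepatchworks.com"  # host from the page; https is assumed
LOGIN_PATH = "/fabric/api/login"
JSON_HEADERS = {"Content-Type": "application/json", "Accept": "application/json"}


def http_send(method, url, headers, body=None):
    """Default transport: returns (status, parsed JSON body or {})."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, {}


class TokenSession:
    """Caches the bearer token, renews it before expiry, retries once on 401."""

    def __init__(self, username, password, send=http_send, clock=time.monotonic, margin=60):
        self._creds = {"username": username, "password": password}
        self._send, self._clock, self._margin = send, clock, margin
        self._token, self._expires_at = None, 0.0

    def _login(self):
        status, body = self._send("POST", BASE_URL + LOGIN_PATH, JSON_HEADERS, self._creds)
        if status != 200 or "token" not in body:
            raise PermissionError(f"login failed with status {status}")
        self._token = body["token"]  # keep in memory only; never log it
        # expires_in is in seconds; renew slightly early (margin is an assumption)
        self._expires_at = self._clock() + int(body["expires_in"]) - self._margin

    def request(self, method, path, body=None):
        if self._token is None or self._clock() >= self._expires_at:
            self._login()
        for attempt in range(2):
            headers = {**JSON_HEADERS, "Authorization": f"Bearer {self._token}"}
            status, payload = self._send(method, BASE_URL + path, headers, body)
            if status != 401 or attempt == 1:
                return status, payload
            self._login()  # token rejected before its expiry: re-authenticate once
```

Supply the username and password from a secret store or environment variable rather than source code; a second 401 after re-authentication is returned to the caller instead of being retried in a loop.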