Authentication

The Open Publishing API uses token-based authentication.

Authenticate with API Key

Go to your Open Publishing backend and navigate to the menu "Administration" and then "Api Keys". Pick a name (e.g. the name of your software project) and click "Generate API Key":

Generate API Key

Afterwards the API key is generated in the backend and displayed:

API Key

Send a POST request to the URL:

POST auth/auth HTTP/1.1
Host: api.openpublishing.com

type=api_key&api_key=[API-KEY]

with [API-KEY] being the value obtained in the step above. The result should look like:

{
   "auth_token": "WqFaginSH9y8p6LTFHrmZM6pFaPzuJ873Lr1wQD81TFTAFFYjHJezvBHmqbCcqtx6k3bXvxgxbEDf9P4y1uSq2kMaLZFg8Icd3cMy4CoWBQYjSJet9auPdEEU4BastUdletulDLQ9MKpx8wgeTZbWNBh98h4DtpKysKayeZ0ClV64um93ph7LppH9ewg8vMdf14qJdfpAcngHDisJSDWfi0DpI6OniSI9qJzRefu6aLrFO1K6kpiQnTnHlTElVt",
   "ok": "ok"
}

Authenticate as unprivileged user

Authenticating as an unprivileged user allows, for example, managing personal data and creating and modifying submissions.

POST auth/auth HTTP/1.1
Host: api.openpublishing.com

type=user&realm=testpublishing&email=[EMAIL]&password=[PASSWORD]

Authenticate with anonymous token

Authentication with world tokens may be used to authenticate as an anonymous user without. This method may be used to access world readable data.

Send a POST request to the URL:

POST auth/auth HTTP/1.1
Host: api.openpublishing.com

type=world&realm=testpublishing

With realm being the customer name within Open Publishing.

Create session token

Sessions may be used to e.g. fill shopping carts. Subsequent API calls may access the objects created within the session.

Send a POST request to the URL:

POST auth/auth HTTP/1.1
Host: api.openpublishing.com

with the following query parameters:

  • type=session
  • realm=testpublishing

With realm being the customer name within Open Publishing.

Create user authentication token

Send a POST request to the URL:

POST auth/auth HTTP/1.1
Host: api.openpublishing.com

with the following query parameters:

  • type=user
  • realm=testpublishing
  • email=test@example.com
  • password=supersekrit

With realm being the customer name within Open Publishing.

Use bearer token

For all subsequent API calls, you have to set this auth_token within the Authorization header:

Authorization: Bearer WqFaginSH9y8p6LTFHrmZM6pFaPzuJ873Lr1wQD81TFTAFFYjHJezvBHmqbCcqtx6k3bXvxgxbEDf9P4y1uSq2kMaLZFg8Icd3cMy4CoWBQYjSJet9auPdEEU4BastUdletulDLQ9MKpx8wgeTZbWNBh98h4DtpKysKayeZ0ClV64um93ph7LppH9ewg8vMdf14qJdfpAcngHDisJSDWfi0DpI6OniSI9qJzRefu6aLrFO1K6kpiQnTnHlTElVt

Bearer tokens become invalid if they are not used for more than a month.

See the example section for a full example.
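The token request and the bearer header described above, sketched as a small Python client. This is an added example, not code from the Open Publishing project. It assumes HTTPS and the base URL `https://api.openpublishing.com/`; the environment variable name `OPEN_PUBLISHING_API_KEY` and all function names are hypothetical.

```python
import json
import os
import urllib.parse
import urllib.request

# Assumption: HTTPS and this base URL; the page gives only the Host and the path "auth/auth".
AUTH_URL = "https://api.openpublishing.com/auth/auth"


def build_auth_request(auth_type, **fields):
    """Build the token request with all credentials in the form body, not in the URL."""
    body = urllib.parse.urlencode({"type": auth_type, **fields}).encode("ascii")
    return urllib.request.Request(
        AUTH_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"},
    )


def parse_auth_response(raw):
    """Return auth_token from the JSON reply; reject anything that is not a clean success."""
    reply = json.loads(raw)
    if not isinstance(reply, dict) or reply.get("ok") != "ok":
        raise ValueError("authentication failed or malformed reply")
    token = reply.get("auth_token")
    if not isinstance(token, str) or not token:
        raise ValueError("reply carries no usable auth_token")
    return token


def bearer_request(url, token):
    """Build a follow-up API request carrying the token in the Authorization header."""
    if not url.lower().startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-TLS URL")
    return urllib.request.Request(url, headers={"Authorization": "Bearer " + token})


def redact(token, keep=4):
    """Shorten a token for log output so the full secret never reaches log files."""
    return token[:keep] + "..." + f"({len(token)} chars)"


if __name__ == "__main__":
    # Hypothetical variable name: the key is read from the environment, not from source code.
    api_key = os.environ.get("OPEN_PUBLISHING_API_KEY", "constructed-sample-key")
    req = build_auth_request("api_key", api_key=api_key)
    print(req.get_method(), req.full_url, "body length:", len(req.data))
    # Constructed sample reply in the shape shown above; no network call is made here.
    token = parse_auth_response('{"auth_token": "constructedSampleToken123", "ok": "ok"}')
    print("token:", redact(token))
```

To send a request, pass the returned object to `urllib.request.urlopen` and feed the response body to `parse_auth_response`.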

Verify Bearer Token

The Me resource may be used to verify successful authentication.

Reset Password for user

To reset the password of a user, send a POST request to the following URL. The user will receive an email with a newly generated password:

POST auth/recover HTTP/1.1
Host: api.openpublishing.com

with the following query parameters:

  • realm=testpublishing
  • email=test@example.com

With realm being the customer name within Open Publishing.

Register new user

To register a new user, send a POST request to the following URL:

POST auth/register HTTP/1.1
Host: api.openpublishing.com

with the following query parameters:

  • type=user
  • realm=testpublishing
  • email=test@example.com
  • first_name=John
  • last_name=Doe
  • password=supersekrit
  • language=ger

With realm being the customer name within Open Publishing. The optional field language specifies the language of the registered user.