Server-to-server Authentication

Introduction¶

Server-to-server authentication can be used by Speakap apps to directly talk directly to the API. In this scenario, the access token is not authorized by any specific user and the app is only allowed to perform requests as granted by the network administrator.

Access token¶

Because server-to-server communication is performed over a secure channel and is not exposed to third parties, apps do not need to explicitly acquire an access token or refresh token. Instead, they compose their own access token according to the following very simple scheme:

{appEID}_{appSecret}

This access token is passed along in the Authorization Bearer header with every API request.

For example, assuming your App EID is “ae1dae1dae1dae1d” and your App Secret is “s3cr3t”, you can perform the following request:

$ curl https://api.speakap.io/networks/053ecd475a000f30/ -H "Authorization: Bearer ae1dae1dae1dae1d_s3cr3t"
{
    "_links": {
        "self": {
            "href": "/networks/053ecd475a000f30/"
        },
        "emblem": {
            "href": "/networks/053ecd475a000f30/messages/053f0e65ab05a950/"
        }
    },
    "type": "network",
    "EID": "053ecd475a000f30",
    "name": "Speakap",
    "subdomain": "speakap",
    "description": "",
    "emblemThumbnailUrl": "https://speakap.speakap.com/files/053f0e65ab05a950/thumbnail",
    "subscription": { "type": "premium", "since":"2013-09-18T17:54:37.550+0000" }
}

Previous Next