Cliqset supports the following authentication / authorization protocols:
1) OAuth
- Based on the OAuth Core 1.0
protocol specification, the OAuth specification provides a secure
protocol for authorizing 3rd party (consumer) access to protected
Cliqset resources on behalf of a user. For information on interaction with Cliqset via OAuth, please see the OAuth Overview page.
- Cliqset OAuth endpoint URLs may be found on the OAuth Overview page.
2) HTTP Basic Authentication
- Allowing users to authenticate to Cliqset consumer applications and authorize their interaction with the Cliqset API by providing their Cliqset username and password. Information on HTTP Basic Authentication may be found in RFC 1945 and on Wikipedia.
HTTP Basic Example
GET /200909/profile/useridentifier HTTP/1.1
Host: api.cliqset.com
Authorization: Basic QWxhZGRpbjpsfjdfjsdf2fjsflqQ==
CliqsetConsumerKey: 51a38ee61239045394531
|
3) User Pre-Shared Keys
- Users may generate a cryptographically secure key that may be presented by a consumer application to authenticate and authorize Cliqset API interaction. This should be passed in using the header CliqsetPSK. The user PSK generator can be found in the Application Keys section of Account Settings within Cliqset.
User Pre-Shared Key Example
GET /200909/profile/useridentifier HTTP/1.1
Host: api.cliqset.com
CliqsetPSK: 728235b21239045825661
CliqsetConsumerKey: 51a38ee61239045394531
|
In all cases authentication and authorization operations are enforced via SSL.
|
|
