Personal access token endpoints

Users can create personal access tokens for use with external services such as IFTTT. This document describes the API for creating, revoking and listing these tokens. They can be used as an alternative way to authenticate against the VRM Gonzales API.


Create a personal access token

Endpoint:

/v2/users/{idUser}/accesstokens/create

Method:

POST

Payload:

{
    "name": "Token #1"
}

Response:

{
    "success": true,
    "token": "abcd1234efab1234"
}

The response contains the raw token. Once it has been returned, there is no way of retrieving the token value again, since it is not stored in plaintext in the database. Manually setting the expiry date is not yet supported.

Please note that the name of a token is unique per user, so adding a new token with an already existing name will result in an error.


Get all personal access tokens of a user

To get all personal access tokens for the current user:

Endpoint:

/v2/users/{idUser}/accesstokens/list

Method:

GET

Response will look like:

{
    "success": true,
    "tokens": [
        {
            "name": "Token #1",
            "idAccessToken": "50",
            "createdOn": "1508415114",
            "scope": "FULL_ACCESS",
            "expires": null
        },
        {
            "name": "Token #2",
            "idAccessToken": "51",
            "createdOn": "1508415116",
            "scope": "FULL_ACCESS",
            "expires": null
        },
        {
            "name": "Token #3",
            "idAccessToken": "52",
            "createdOn": "1508415119",
            "scope": "FULL_ACCESS",
            "expires": null
        }
    ]
}

Please note that the scope is currently fixed to FULL_ACCESS. More scopes will be added later. Expiry can be either a Unix timestamp or null (which means the token doesn't expire).


Revoke a personal access token

Endpoint:

/v2/users/{idUser}/accesstokens/{idAccessToken}/revoke

Method:

GET

Response:

{
    "success": true,
    "data": {
        "removed": 3
    }
}

"removed" is the number of personal access tokens that were removed. {idAccessToken} can be either * (wildcard), which will remove all existing personal access tokens for a user, or an identifier valid for the current user.


Using the access token

The access token can be used by setting it in the X-Authorization header like this:

X-Authorization: Token {token}
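
The following is an added example, not part of the original documentation: it audits a list response for tokens that never expire or are old, builds the X-Authorization header, and builds a single-token revoke path while refusing the * wildcard. The sample data, the function names, the 365-day threshold and the assumption that token ids are numeric strings are illustrative.

```python
import json

# Constructed sample, shaped like the list response documented above.
SAMPLE_LIST_RESPONSE = json.loads("""
{"success": true, "tokens": [
  {"name": "Token #1", "idAccessToken": "50", "createdOn": "1508415114",
   "scope": "FULL_ACCESS", "expires": null},
  {"name": "Token #2", "idAccessToken": "51", "createdOn": "1539951116",
   "scope": "FULL_ACCESS", "expires": "1540000000"},
  {"name": "Token #3", "idAccessToken": "52", "createdOn": "1539951119",
   "scope": "FULL_ACCESS", "expires": null}
]}
""")


def auth_header(token):
    """Header format from the 'Using the access token' section."""
    return {"X-Authorization": f"Token {token}"}


def revoke_path(id_user, id_access_token):
    """Revoke endpoint path for exactly one token."""
    # Assumption: ids are numeric strings, as in the sample. "*" is refused
    # because the wildcard removes every token of the user.
    if not str(id_access_token).isdigit():
        raise ValueError("expected a single numeric idAccessToken")
    return f"/v2/users/{id_user}/accesstokens/{id_access_token}/revoke"


def audit_tokens(response, now, max_age_days=365):
    """Return (idAccessToken, name, reasons) for tokens worth reviewing."""
    if not response.get("success"):
        raise ValueError("list call did not succeed")
    findings = []
    for tok in response.get("tokens", []):
        reasons = []
        expires = tok.get("expires")
        if expires is None:
            reasons.append("never expires")
        elif int(expires) <= now:
            reasons.append("already expired")
        if now - int(tok["createdOn"]) > max_age_days * 86400:
            reasons.append(f"older than {max_age_days} days")
        if reasons:
            findings.append((tok["idAccessToken"], tok["name"], reasons))
    return findings
```

Pass the current Unix time as now when running this against a real list response; each finding's id can then be handed to revoke_path one at a time.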