Using the CoopCycle API
Authentication
Most of the API endpoints require authentication, and also authorization.
Authentication is implemented by sending a JSON Web Token via HTTP headers.
Authorization: Bearer <token>
Authenticating as a web application
If you are creating a web application that does not need to act on behalf of a user, you need to use the OAuth client credentials flow to obtain an access token.
Obtaining API credentials
To create access tokens, you will need API credentials (an API key and an API secret).
Ask the platform administrators to create a API application and send you the API credentials.
Using the credentials to obtain an access token
The first step to make authenticated requests is to obtain an access token.
To obtain an access token, you first need to make a request to the /oauth2/token
endpoint,
with your API credentials encoded as Base64.
Here is an example to encode your API credentials using PHP:
php -r 'echo base64_encode("<api_key>:<api_secret>"), PHP_EOL;'
Here is an example request to the /oauth2/token
endpoint using cURL:
curl -X POST -d 'grant_type=client_credentials&scope=tasks+deliveries' -H 'Authorization: Basic <base64_credentials>' https://acme.coopcycle.org/oauth2/token
The response should look like this:
{
"token_type": "Bearer",
"expires_in": 3600,
"access_token": "<access_token>"
}
Using the access token to make authenticated requests
You can now use the access token to make authenticated requests to the API
curl -X POST -d '{ ... }' -H 'Content-Type: application/ld+json' -H 'Authorization: Bearer <access_token>' https://acme.coopcycle.org/api/deliveries