Authentication of API users
Our APIs use RFC2617 standard digest for authentication.
In order to use our APIs (to perform create, retrieve, update, and delete actions) a special API user (that we call a robot user) needs to be created within your Movida or Sequence account. There can be as many robot users as required, so that different parties that need to access the account via the API can all have different logins and passwords.
Authentication will take place with the robot user’s login and password. If you have cURL installed, you can try your new robot user credentials on a terminal.
Here is how you would do this for the Movida API:
$ curl --digest -u robot_login https://movida.bebanjo.net/api
https://movida.bebanjo.net is the url of the Movida environment you are using.
You should be prompted for a password. Enter it, and if you authenticated correctly, the response should be a valid XML.
Note: A robot user cannot login to the BeBanjo applications using a web browser, and a normal user cannot fully utilise the API; see the API browser section below for more details.
Digest authentication requires a negotiation with the server to obtain a valid nonce token.
This negotiation makes the communications slower because clientes need to duplicate the requests. In order to leverage the communication and improve the performance our applications support nonce token re-using for a period of 5 minutes. In this way, a valid nonce obtained from the server can be used during 5 minutes without having to negotiate a new one.
This duration of 5 minutes is a value that we are not planning to change, but in order to make your integration more resilient you could probably implement a fall-back mechanism when using a cached nonce to automatically get a new one when it has expired.
A regular BeBanjo application username can be used to access the API with a web browser, but the user can only perform retrieve actions (i.e. it’s read-only access).
To do this, simply log into the Movida or Sequence applications as usual (via our ID application) and then change the URL shown in the location of the web browser by adding
/api to the path after the hostname.
For example, in Movida, changing
https://movida.bebanjo.net/api/ will show you the root of the Movida API in your web browser and you can follow the links to explore the API.
Last updated March 24th, 2017.