...

Users can register their own applications using the Abiquo API or UI. For more information about registering applications with the API, including adding privileges, please read the ApplicationsResource page in the API documentation.

...

The following table shows the OAuth-specific endpoints that must be used when implementing the OAuth workflow.

| Operation | Endpoint |
| --- | --- |
| Request unauthenticated token | /oauth/request_token |
| Authorize request token | /oauth/authorize?oauth_token=<request token> |
| Get access token | /oauth/access_token |

The following table describes the query parameters that are used in the OAuth authentication workflow:

| Query parameter | Description |
| --- | --- |
| oauth_token | Required when authorizing a request token. |
| oauth_callback | A callback URL where clients will be redirected after successful authentication |
| oauth_verifier | Verifier value used when authorizing a Request Token |
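
The following sketch shows how a client would sign the request token and access token calls listed above, and how a server would check the signature. It is an added example following RFC 5849, not code from Abiquo; the host name, the POST method, the HMAC-SHA1 signature method and all credentials are constructed assumptions.

```python
import base64, hashlib, hmac, secrets, time
from urllib.parse import quote

# Assumptions (not from the Abiquo docs): base URL, POST method, HMAC-SHA1, sample credentials.
API = "https://abiquo.example.com/api"

def pct(value):
    """RFC 5849 section 3.6 encoding: only unreserved characters stay literal."""
    return quote(str(value), safe="-._~")

def oauth_params(consumer_key, nonce=None, timestamp=None, **extra):
    """Protocol parameters for one request; nonce and timestamp must be fresh per request."""
    params = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    params.update(extra)  # oauth_callback, oauth_token, oauth_verifier
    return params

def base_string(method, url, params):
    """Signature base string: METHOD & encoded URL & encoded sorted parameters."""
    pairs = sorted((pct(k), pct(v)) for k, v in params.items())
    normalized = "&".join(f"{k}={v}" for k, v in pairs)
    return "&".join([method.upper(), pct(url), pct(normalized)])

def sign(method, url, params, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with both secrets; token_secret is empty before a token exists."""
    key = f"{pct(consumer_secret)}&{pct(token_secret)}".encode()
    mac = hmac.new(key, base_string(method, url, params).encode(), hashlib.sha1)
    return base64.b64encode(mac.digest()).decode()

def verify(method, url, params, signature, consumer_secret, token_secret=""):
    """Server-side check: recompute the signature and compare in constant time."""
    expected = sign(method, url, params, consumer_secret, token_secret)
    return hmac.compare_digest(expected, signature)

# Step 1: request an unauthenticated token, announcing the callback URL.
step1 = oauth_params("ck", nonce="n1", timestamp=1700000000,
                     oauth_callback="https://client.example.com/cb")
sig1 = sign("POST", API + "/oauth/request_token", step1, "consumer-secret")

# Step 3: exchange the authorized request token plus verifier for an access token.
step3 = oauth_params("ck", nonce="n2", timestamp=1700000060,
                     oauth_token="request-token", oauth_verifier="verifier-from-callback")
sig3 = sign("POST", API + "/oauth/access_token", step3, "consumer-secret", "request-token-secret")
```

Because oauth_callback and oauth_verifier are part of the signed parameters, changing either one in transit invalidates the signature.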

Why OAuth 1?

Abiquo has chosen to implement OAuth 1 because it is more secure and interoperable than OAuth 2. See http://hueniverse.com/2012/07/oauth-2-0-and-the-road-to-hell/

...

Response Headers: Content-Length, Content-Type, Date, X-Abiquo-Token.
Response Message Body: N/A.
Response Status: 200, 401, 403.
Example Response: Response of the authenticated GET over a Datacenters resource

...

With Basic Authentication, Abiquo can protect user accounts with a two factor authentication code. When two factor authentication is enabled, users will be required to provide an additional verification code to prove their identity. That token will be delivered to the user by Abiquo, using the configured mechanism. Currently there are two supported ways of getting the verification code:

| Method | Description |
| --- | --- |
| Email | The verification code will be sent to the user's mail every time a login is requested |
| Google Authenticator | The Google Authenticator mobile app is used to generate the verification code for each login |


Note

Two factor authentication is an addition to Basic Auth. Applications using OAuth or the authentication cookie are not required to provide the two factor verification code. This kind of security constraint is intended to protect accounts against human abuse, while keeping the applications that integrate with the platform working in an automated way.

...

That header indicates that the verification code is missing, and the type parameter indicates how the user can get it. The possible values are:

| Value | Description |
| --- | --- |
| EMAIL | The user will receive an email with the verification code. |
| GOOGLE_AUTHENTICATOR | The user should use the Google Authenticator mobile app to generate the verification code. |
| none | The user has not enabled two factor authentication but the enterprise requires it to access Abiquo. User must enable 2FA using the method described above. |

Once the user has the verification code, it can be provided in the X-Abiquo-OTP header, as follows:

...