orangehrm / orangehrm-api-doc

Orangehrm api doc

Insufficient documentation about headers #6

Open berkayakin opened 6 years ago

berkayakin commented 6 years ago

There is no info about what the header should look like with requests. Please provide some info about it. Without a correct header we just get a 401 Unauthorized error.

Thanks

samanthajayasinghe commented 6 years ago

Hi Berkayakin,

Thanks for your request. We have implemented the php-api-client project, which handles all headers in a proper way.

Please let us know if you need more information.

berkayakin commented 6 years ago

Hi Samantha,

Thank you for your answer. I am building a mobile app using your REST APIs. I need to reach your API functions directly. So do I still need to install php-api-client? If yes, what else do I need to do after installing it on the server?

Thanks, best regards

Berkay AKIN

2018-01-01 10:20 GMT+01:00 Samantha Jayasinghe notifications@github.com:

Hi Berkayakin,

Thanks for your request. We have implemented the php-api-client https://github.com/orangehrm/api-client-php project, which will handle all headers in a proper way.

Please let us know if you need more information.


samanthajayasinghe commented 6 years ago

Hi Berkay,

If it's a mobile app, you may not need to use php-client, but you can call the {yourDomain}/oauth/issueToken endpoint to get the token (with client credentials).

All other endpoints need authorization, and the header should be added as follows:

Authorization = Bearer {yourToken},

berkayakin commented 6 years ago

Hi Samantha,

Thank you very much. I think it would be helpful if you added this to your API documentation. I also want to ask: how do you validate the user? Because the login call just gives user information as a response. How can we make sure users cannot call functions with each other's ids? As I see, while generating the token we don't need to send a username and password as parameters.

Thank you!

2018-01-03 23:13 GMT+01:00 Samantha Jayasinghe notifications@github.com:

Hi Berkay,

If it's a mobile app, you may not need to use php-client, but you can call the {yourDomain}/oauth/issueToken endpoint to get the token.

All other endpoints need authorization, and the header should be added as follows: Authorization = Bearer {yourToken},


samanthajayasinghe commented 6 years ago

Hi Berkay, thanks for your info, and we will update the API documentation with headers and token endpoints. Basically, the middleware application calls the OrangeHRM REST APIs with a valid token, and user validation is actually a part of the middleware application.

We have implemented a sample project with the REST API which basically handles the user validations.
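
The division of responsibility described in the last reply, sketched as an added example that is not part of the thread or of OrangeHRM's code: the middleware keeps the client-credentials token server-side, authenticates users itself, and checks that the requested employee id belongs to the caller before attaching the bearer header. The host, token value, session store and the `employee/{id}` path are constructed placeholders, and no request is actually sent.

```python
import secrets
from urllib.request import Request

API_BASE = "https://hrm.example.test"        # placeholder for {yourDomain}
SERVICE_TOKEN = "constructed-service-token"  # issued by /oauth/issueToken; never sent to the app

# Hypothetical in-memory session store: session id -> identity the middleware verified.
SESSIONS = {}


class Forbidden(Exception):
    """The caller may not act on the requested employee record."""


def login(emp_id, is_admin=False):
    """Create a session after the middleware itself has checked the user's password."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"emp_id": emp_id, "is_admin": is_admin}
    return sid


def build_upstream_request(session_id, requested_emp_id, path_template):
    """Authorize the caller, then build the OrangeHRM request with the bearer header."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise Forbidden("unknown or expired session")
    emp = str(requested_emp_id)
    if not (emp.isascii() and emp.isdigit()):
        raise Forbidden("malformed employee id")
    # Object-level check: the service token is not tied to a user, so the id
    # supplied by the app must match the session before anything is forwarded.
    if not session["is_admin"] and session["emp_id"] != int(emp):
        raise Forbidden("employee id does not belong to the caller")
    url = f"{API_BASE}/{path_template.format(id=int(emp))}"
    return Request(url, headers={"Authorization": f"Bearer {SERVICE_TOKEN}"})


if __name__ == "__main__":
    alice = login(7)
    print(build_upstream_request(alice, "7", "employee/{id}").full_url)
    try:
        build_upstream_request(alice, "8", "employee/{id}")
    except Forbidden as exc:
        print("blocked:", exc)
```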