Spark-Could-API-Auth
 |
En cours de traduction/élaboration. |
Authentification
Just because you've connected your Spark Core to the internet doesn't mean anyone else should have access to it. Permissions for controlling and communciating with your Spark Core are managed with OAuth2.
# You type in your terminal
curl https://api.spark.io/v1/devices/0123456789abcdef01234567/brew \
-d access_token=9876987698769876987698769876987698769876
# Response status is 200 OK, which means
# the Core says, "Yes ma'am!"
# Sneaky Pete tries the same thing in his terminal
curl https://api.spark.io/v1/devices/0123456789abcdef01234567/brew \
-d access_token=1234123412341234123412341234123412341234
# Response status is 403 Forbidden, which means
# the Core says, "You ain't the boss of me."
# LESSON: Protect your access token.
When you connect your Spark Core to the Cloud for the first time, it will be associated with your account, and only you will have permission to control your Spark Core—using your access token.
If you need to transfer ownership of the core to another user, the easiest way is to simply log into the Spark build site, click on the 'cores' drawer on the bottom left, and then click the small 'right arrow' by the core you want to release, then click "Remove Core". This will make it possible for the other person you are transfering the core to, to go through the normal processus de déclaration.
In the future, you will be able to provision access to your Spark Core to other accounts and to third-party app developers; however, these features are not yet available.
Comment envoyer votre access_token
There are three ways to send your access token in a request.
- In an HTTP Authorization header (always works)
- In the URL query string (only works with GET requests)
- In the request body (only works for POST & PUT when body is URL-encoded)
In these docs, you'll see example calls written using a terminal program called curl which may already be available on your machine.
Example commands will always start with curl.
curl -H "Authorization: Bearer 38bb7b318cc6898c80317decb34525844bc9db55" https://...
To send a custom header using curl, use you the -H flag. The access token is called a "Bearer" token and goes in the standard HTTP Authorization header.
curl https://api.spark.io/v1/devices\?access_token=38bb7b318cc6898c80317decb34525844bc9db55
The query string is the part of the URL after a ? question mark. To send the access token in the query string just add access_token=38bb.... Because your terminal thinks the question mark is special, we escape it with a backslash.
curl -d access_token=38bb7b318cc6898c80317decb34525844bc9db55 https://...
The request body is how form contents are submitted on the web. Using curl, each parameter you send, including the access token is preceded by a -d flag. By default, if you add a -d flag, curl assumes that the request is a POST. If you need a different request type, you have to specifically say so with the -X flag, for example -X PUT.
Générer un nouvel access_token
|
|
En cours de traduction/élaboration. |
Source: Cloud CODE (API) créé par Spark.IO.
Traduction réalisée par Meurisse D pour MCHobby.be - Translated by Meurisse D. for MCHobby.be
Traduit avec l'autorisation de Spark.IO - Translated with the permission from Spark.IO - Spark.IO
Toute référence, mention ou extrait de cette traduction doit être explicitement accompagné du texte suivant : « Traduction par MCHobby (www.MCHobby.be) - Vente de kit et composants » avec un lien vers la source (donc cette page) et ce quelque soit le média utilisé.
L'utilisation commercial de la traduction (texte) et/ou réalisation, même partielle, pourrait être soumis à redevance. Dans tous les cas de figures, vous devez également obtenir l'accord du(des) détenteur initial des droits. Celui de MC Hobby s'arrêtant au travail de traduction proprement dit.