Listflock API

Authentication Specification


Requirements
To access the API you must have a valid API key supplied by Listflock. If you do not have an API key, go to the API account management page to request one.

Web based auth

1) Request permission from the user
The web based application must redirect the user to api/access to get the user's permission to access the data. You must supply a valid API key and the request must be made through HTTP GET.

http://listflock.com/api/access/?api_key=xxxxxxxxxxxxxxxxxxx

The user will be asked to log in if they are not already logged in. The user will then be asked whether they would like to grant permission for the application to access their information and lists.

2) Authentication token
The user will be returned to the callback URL you supplied when you created the application account, along with a 32-character token. This token is valid for 60 minutes after the time of creation.

<callback_url>/?token=xxxxxxxxxxxxxxxxxxx

This token can be used to request a permanent session key. The token will be consumed when a session is requested.

3) Get a user session key
To get a user session key for your application you will need to pass your API key and token to the auth/session method via an HTTP GET request.

api_key (Required) : Your 32 character api key.
token (Required) : The token you were supplied from the previous step.
api_sig (Required) : Your request needs a signature. See below.

For more details you should view the auth/session method page. The session key can be used to make authenticated calls.

Desktop based auth

1) Request a token
For a desktop application you must first request a token. The returned token will be 32 characters long and inactive, which means it cannot yet be turned into a session. Step 2 covers activating the token. You must use the auth/token method via an HTTP GET request.

api_key (Required) : Your 32 character api key.
api_sig (Required) : Your request needs a signature. See below.

For more details you should view the auth/token method page.

2) Request permission from the user
The desktop application must redirect the user to api/access to get the user's permission to access the data. You must supply a valid API key and the request must be made through HTTP GET. This will activate the token, making it ready for the auth/session call.

http://listflock.com/api/access/?api_key=xxxxxxxxxxxxxxxxxxx

The user will be asked to log in if they are not already logged in. The user will then be asked whether they would like to grant permission for the application to access their information and lists.

This token can be used to request a permanent session key. The token will be consumed when a session is requested.

3) Get a user session key
To get a user session key for your application you will need to pass your API key and token to the auth/session method via an HTTP GET request.

api_key (Required) : Your 32 character api key.
token (Required) : The token you were supplied from the previous step.
api_sig (Required) : Your request needs a signature. See below.

For more details you should view the auth/session method page. The session key can be used to make authenticated calls.

Signing calls

Why bother?
To perform authenticated calls to the API you must sign your calls. This validates the request and protects users' data.

How do I do it?
You will need to supply the api_sig for any methods where you see "api_key (Required) : Your 32 character api key.".

To make the signature you must sort the parameters sent with the request into alphabetical order, not including the api_sig itself. You must then concatenate the parameters (param.value) into a single string. An example is below.

api_keyxxxxxxxxxxxxxxxxskxxxxxxxxxxxxxxxx


You now need to append your secret to the string you created and MD5 hash the result.

md5(api_keyxxxxxxxxxxxxxxxxskxxxxxxxxxxxxxxxxSECRET)


You should now be returned a 32 character string which is your api_sig.
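
The signing steps above, written out as an added Python example (not Listflock's own code). The function names, the UTF-8 encoding, the choice to sign values before URL encoding, and the sample key, token and secret are assumptions made for illustration; signature_matches shows how a receiver could recompute and compare the signature.

```python
import hashlib
import hmac
from urllib.parse import urlencode


def signature_base(params):
    """Join name+value pairs in alphabetical order of name, leaving out api_sig."""
    return "".join(
        name + str(params[name]) for name in sorted(params) if name != "api_sig"
    )


def sign_params(params, secret):
    """Return the 32-character hex api_sig for a parameter dict."""
    # Assumption: strings are hashed as UTF-8; the page does not name an encoding.
    data = (signature_base(params) + secret).encode("utf-8")
    return hashlib.md5(data).hexdigest()


def signed_query(params, secret):
    """Return a URL-encoded query string with api_sig added."""
    # Assumption: the signature covers raw values; URL encoding happens afterwards.
    unsigned = {k: v for k, v in params.items() if k != "api_sig"}
    return urlencode({**unsigned, "api_sig": sign_params(unsigned, secret)})


def signature_matches(params, secret):
    """Receiver-side check: recompute api_sig and compare in constant time."""
    supplied = str(params.get("api_sig", "")).encode("utf-8")
    expected = sign_params(params, secret).encode("utf-8")
    return hmac.compare_digest(supplied, expected)


# Constructed sample values, not real Listflock credentials.
API_KEY = "0123456789abcdef0123456789abcdef"
TOKEN = "fedcba9876543210fedcba9876543210"
SECRET = "example-secret"

if __name__ == "__main__":
    request = {"token": TOKEN, "api_key": API_KEY}
    print(signature_base(request))        # api_key<key>token<token>
    print(signed_query(request, SECRET))  # query string for auth/session
```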