Clipper authorisation mechanism๐
In order to access the clipper API, the client must use a token, which is a random string generated by the application.
There are two ways for applications to obtain this token:
Get it from the user๐
The user can copy the token in the Clipper configuration page and provide it directly to the application. This is the simplest method.
Request it programmatically๐
The token can also be requested programmatically, as is done for the web clipper extension. It works as below:
-
The client calls
POST /auth. The server responds with{ auth_token: "AUTH_TOKEN" }. Thisauth_tokenis different from the regular token - it is just used to authentify the client. -
The application displays a message asking the user to Accept or Reject the access request.
-
The clients calls
GET /auth/check?auth_token=AUTH_TOKENat regular intervals. Initially the server responds with{ status: "waiting" }, since we are waiting for the user to confirm or reject. -
Once the user accepts the request in the application, the server returns
{ status: "accepted", token: "API_TOKEN" }. -
The client can now use this
API_TOKENto make requests. -
If the users rejects the request, the server returns
{ status: "rejected" }, and the client can display an error message.