Nodalio API Technical Documentation

API Security

Each request to the Nodalio REST API is validated with a security token. As specified by RFC 6750, the API attempts to extract a security token from the following locations:

  • The key “access_token” in the request body.
  • The key “access_token” in the request parameters.
  • The token value in the header Authorization: Bearer <token>

More than one token location.

If a token is provided in more than one location, the request is aborted immediately with HTTP status code 400 (per RFC 6750).

Site level token accessing server controls.

As stated in the HTTP Status codes section, each security token has permissions. A request to the /v1/server endpoint made with a token that has site-level permissions results in a 401 HTTP status code.

Response example.

Example of an invalid token response:

  
{
    "result": "failure",
    "data": "Bad Token"
}

Example of bad permissions response:

  
{
    "result": "failure",
    "data": "This token is missing server control permissions."
}

API security token permissions.

API security tokens generated with the Nodalio REST API have 2 types of permissions:

  • Site-Level
  • Server-Level

By default, tokens are generated with site-level permissions. These tokens are permitted to use the /v1/tokenvalidate and /v1/sites endpoints. Tokens generated with server-level permissions, for example the token generated for the sites manager, are permitted to use all available endpoints:

  • /v1/tokenvalidate
  • /v1/sites/
  • /v1/server
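
The rules above (three token locations, 400 when more than one is used, 401 for a site-level token on /v1/server) can be modelled as follows. This is an added example, not Nodalio's own code: the token values, the TOKENS table, the function names and the 401 status for a missing or unknown token are assumptions.

```python
# Endpoints each permission level may use, from the lists on this page.
ALLOWED = {
    "site": ("/v1/tokenvalidate", "/v1/sites"),
    "server": ("/v1/tokenvalidate", "/v1/sites", "/v1/server"),
}
# Constructed sample tokens; the page does not describe token format or storage.
TOKENS = {"site-token-example": "site", "server-token-example": "server"}


def find_tokens(headers, params, body):
    """Collect a token from each of the three locations the API checks."""
    found = []
    if body.get("access_token"):
        found.append(body["access_token"])
    if params.get("access_token"):
        found.append(params["access_token"])
    # Header names are case-insensitive; the scheme must be "Bearer".
    auth = {k.lower(): v for k, v in headers.items()}.get("authorization", "")
    scheme, _, value = auth.partition(" ")
    if scheme.lower() == "bearer" and value.strip():
        found.append(value.strip())
    return found


def authorize(path, headers=None, params=None, body=None):
    """Return (http_status, data) for a request, modelling the documented rules."""
    found = find_tokens(headers or {}, params or {}, body or {})
    if len(found) > 1:
        # This model counts locations, so identical values in two places also fail.
        return 400, None  # the page shows no response body for this case
    level = TOKENS.get(found[0]) if found else None
    if level is None:
        # Assumption: a missing or unknown token gets 401, as in RFC 6750.
        return 401, "Bad Token"
    path = path.rstrip("/")
    # Match whole path segments so "/v1/serverx" is not treated as "/v1/server".
    if not any(path == p or path.startswith(p + "/") for p in ALLOWED[level]):
        return 401, "This token is missing server control permissions."
    return 200, None
```

RFC 6750 recommends the Authorization header over the request parameter, because URLs are commonly written to server and proxy logs.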