API documentation

1. OAuth2 Authentication

We are using the "password" grant type for authenticating users through a client application: http://tools.ietf.org/html/draft-ietf-oauth-v2-25#page-34
Using this web service you can get an "access_token" that will be used for authorization by the other web services.

You can use any OAuth2 client that can make a POST request to the OAuth provider.

POST /api/oauth/token

Parameters:

Parameter name   Parameter type   Description
grant_type       string           type of login strategy (only 'password' accepted)
username         string           email of the user
password         string           password of the user
client_app_id    string           application id provided by PARKING+PLUS
client_secret    string           application secret provided by PARKING+PLUS

Example:

{
  "grant_type"    : "password",
  "username"      : "user@example.com",
  "password"      : "sekret",
  "client_app_id" : "the_client_app_id",
  "client_secret" : "the_client_secret"
}

Status Code: 401 if the user or password is incorrect

{
  "error": "invalid_grant",
  "error_description": "The provided authorization grant is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client."
}

2. Facebook login

POST /api/car_driver/fo_users/logins/facebook

Parameters:

Parameter name          Parameter type   Description
facebook_access_token   string           access token returned by Facebook
client_app_id           string           application id provided by PARKING+PLUS
client_secret           string           application secret provided by PARKING+PLUS

Example:

{
  "facebook_access_token" : "facebook_user_access_token",
  "client_app_id"         : "the_client_app_id",
  "client_secret"         : "the_client_secret"
}

Then, you'll receive the access token back in the response:

{
  "access_token": "1f0af717251950dbd4d73154fdf0a474a5c5119adad999683f5b450c460726aa",
  "refresh_token": "ds0af717251950dbd4d73eefdf0a474a5c5119adad9993332f5b4fdsc4607266tgy",
  "token_type": "bearer",
  "expires_in": 7200,
  "created_at": 1447165773
}

Response Parameters:

Parameter name   Parameter type   Description
access_token     string           access token used for OAuth
refresh_token    string           refresh token used for refreshing the expired access token
token_type       string           "bearer"
expires_in       int              seconds until the access token is no longer valid
created_at       int              time when the token was created

The access_token should then be used for authorization in subsequent requests by including this HTTP header:

Authorization: Bearer 09ba487fc3df...

If the access_token has expired, request a new one using the refresh token and "grant_type": "refresh_token":

POST /api/oauth/token

Parameters:

Parameter name   Parameter type   Description
refresh_token    string           refresh token used for refreshing the expired access token
grant_type       string           grant_type="refresh_token"

Example:

{
  "grant_type"    : "refresh_token",
  "refresh_token" : "ds0af717251950dbd4d73eefdf0a474a5c5119adad9993332f5b4fdsc4607266tgy"
}

Then, you'll receive the new access token and refresh token back in the response:

{
  "access_token": "1f0af717251950dbd4d73154fdf0a474a5c5119adad999683f5b450c460726aa",
  "refresh_token": "ds0af717251950dbd4d73eefdf0a474a5c5119adad9993332f5b4fdsc4607266tgy",
  "token_type": "bearer",
  "expires_in": 7200
}
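
The token lifecycle described above (password grant, Bearer header, refresh on expiry), as an added Python example that is not part of the original API documentation. It assumes JSON request bodies as in the examples and an HTTP status below 400 on success; https_post, TokenSession and the base URL passed to https_post are hypothetical names, since the page gives no host.

```python
import json
import time
import urllib.error
import urllib.request

TOKEN_PATH = "/api/oauth/token"  # endpoint documented on this page

def https_post(base_url):
    """Build post(path, body) -> (status, dict). base_url is an assumption: the page gives no host."""
    if not base_url.startswith("https://"):
        raise ValueError("passwords, client secrets and tokens must only travel over TLS")
    def post(path, body):
        req = urllib.request.Request(base_url + path, json.dumps(body).encode(),
                                     {"Content-Type": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, json.load(resp)
        except urllib.error.HTTPError as err:  # e.g. the documented 401 invalid_grant
            return err.code, json.load(err)
    return post

class TokenSession:
    """Holds the token pair in memory and refreshes it shortly before expiry."""
    def __init__(self, post, client_app_id, client_secret, clock=time.time, skew=60):
        self._post, self._clock, self._skew = post, clock, skew
        self._client = {"client_app_id": client_app_id, "client_secret": client_secret}
        self._tok, self._expires_at = None, 0

    def _store(self, status, body):
        if status >= 400 or "access_token" not in body:
            self._tok = None  # a rejected grant invalidates whatever was cached
            raise PermissionError(body.get("error", "token request failed"))
        # The refresh response shown on the page has no created_at, so fall back
        # to the local clock; skew absorbs small client/server clock differences.
        self._expires_at = body.get("created_at", self._clock()) + body["expires_in"]
        self._tok = body

    def login(self, username, password):
        self._store(*self._post(TOKEN_PATH, {"grant_type": "password",
                    "username": username, "password": password, **self._client}))

    def auth_header(self):
        if self._tok is None:
            raise PermissionError("not logged in")
        if self._clock() >= self._expires_at - self._skew:
            # Send the most recent refresh_token; the response carries a new pair.
            self._store(*self._post(TOKEN_PATH, {"grant_type": "refresh_token",
                        "refresh_token": self._tok["refresh_token"]}))
        return {"Authorization": "Bearer " + self._tok["access_token"]}
```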