If you search the archives for OAUTH you will see several conversations about implementing this workflow with HTTPAPI. After a recent discussion I did a little test implementation, but I didn't keep the code, and depending on your api's it may different
so probably wouldn't have helped much. http://scottklement.com/archives/ftpapi/
Basic workflow is:
Make an HTTPAPI call to a web service. You usually pass user name and password to this one. It returns a long encoded string that is only good for a certain amount of time.
If you are calling from one program, clear your headers. If you are storing the token somewhere and using it in different programs you should be good.
Make an HTTPAPI call to another web service - for this one, instead of user name and password, you pass the token as an auth type of Bearer
Keys are keeping track of if the token is good or not, and making sure you pass the correct headers to each api.
On Fri, 2021-02-05 at 13:28 -0800, Braden Lincoln wrote:
Kevin Bucknum CONFIDENTIALITY NOTICE This document and any accompanying this email transmission contain confidential information, belonging to the sender that is legally privileged.
This information is intended only for the use of the individual or entity named above. The authorized recipient of this information is prohibited from disclosing this information to any other party and is required to destroy the information after its stated
need has been fulfilled. If you are not the intended recipient, or the employee of agent responsible to deliver it to the intended recipient, you are hereby notified that any disclosure, copying, distribution or action taken in reliance on the contents of
these documents is STRICTLY PROHIBITED. If you have received this email in error, please notify the sender immediately to arrange for return or destruction of these documents. |
-- _______________________________________________ Ftpapi mailing list Ftpapi@xxxxxxxxxxxxxxxxxxxxxx http://scottklement.com/mailman/listinfo/ftpapi