Sessions

Sessions allow you to log in as a user on your back office. Without a valid session, a user cannot access the back office.

Composition

A session is defined by an IP address, a user agent and a user. These attributes are read-only.

Usage

In order to make requests to your back office API, you can use the API keys or log in as a user. To do this, you need to make a request to the sessions API with your email and password.

Here's an example of a CURL request to get a login token:

shell
curl https://demo.back-office.pro/sessions \
     -X 'POST' \
     -H 'Accept: application/json' \
     -d '{"session":{"email":"[email protected]", "password":"******"}}'

And here's an example of a payload you're going to get with this request:

JSON
{
  "token_type": "Bearer",
  "expires_in": 600,
  "access_token": "eyJfcmFpbHMiOnsiZGF0YSI6IjQxZmE5NWU5LWFjO*********",
  "refresh_token": "eyJfcmFpbHMiOnsiZGF0YSI6IjQxZmE5NWU5LWFjO*********"
}

You can then, for example, reuse the access_token token to make a new API request to get the list of users. The token must be placed in the Authorization HTTP header with the Bearer prefix.

Here's an example of a CURL request that allows you to get a list of users:

shell
curl https://demo.back-office.pro/users \
     -H 'Authorization: Bearer eyJfcmFpbHMiOnsiZGF0YSI6IjQxZmE5NWU5LWFjO*********' \
     -H 'Accept: application/json'

Also note that you will get the list of users only if the user associated with the token has the rights to do so. Otherwise, you will get a 403 error.

Security

For security reasons, you should refresh your token. A token is only valid for 10 minutes. To do this, you need to make a request to the tokens API by specifying the refresh_token token obtained through the sessions API.

Here's an example of a CURL request that allows you to refresh a login token:

shell
curl https://demo.back-office.pro/tokens \
     -X 'POST' \
     -H 'Authorization: Bearer eyJfcmFpbHMiOnsiZGF0YSI6IjQxZmE5NWU5LWFjO*********' \
     -H 'Accept: application/json' \
     -d '{"refresh_token":"eyJfcmFpbHMiOnsiZGF0YSI6IjQxZmE5NWU5LWFjO*********"}'

And here's an example of a payload you're going to get with this request:

JSON
{
  "token_type": "Bearer",
  "expires_in": 600,
  "access_token": "eyJfcmFpbHMiOnsiZGF0YSI6IjQxZmE5NWU5LWFjO*********",
  "refresh_token": "eyJfcmFpbHMiOnsiZGF0YSI6IjQxZmE5NWU5LWFjO*********"
}

You can then reuse the new access_token token for future API requests.
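
The login and refresh flow described above can be wrapped in a small client that refreshes shortly before the 10-minute expiry and replaces both tokens with the pair from each refresh payload. This is an added example, not code from the back office project: `Session`, `http_post` and the 60-second `REFRESH_MARGIN` are hypothetical names and assumptions, and the request headers mirror the curl calls above.

```python
import json
import time
import urllib.request

BASE_URL = "https://demo.back-office.pro"  # host from the page's curl examples
REFRESH_MARGIN = 60  # assumption: refresh this many seconds before expiry


def http_post(url, body, headers):
    """Default transport: POST a JSON body, return the decoded JSON payload."""
    req = urllib.request.Request(url, data=json.dumps(body).encode(),
                                 headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class Session:
    """Hypothetical client-side holder for the token pair the sessions API returns."""

    def __init__(self, post=http_post, clock=time.monotonic):
        self._post, self._clock = post, clock
        self._access = self._refresh = None
        self._expires_at = 0.0

    def __repr__(self):  # never print token values in logs or tracebacks
        return f"<Session logged_in={self._access is not None}>"

    def _store(self, payload):
        if payload.get("token_type") != "Bearer":
            raise ValueError("unexpected token_type")
        # Both tokens are replaced: the refresh payload carries a new pair.
        self._access = payload["access_token"]
        self._refresh = payload["refresh_token"]
        self._expires_at = self._clock() + int(payload["expires_in"])

    def login(self, email, password):
        body = {"session": {"email": email, "password": password}}
        self._store(self._post(f"{BASE_URL}/sessions", body, {"Accept": "application/json"}))

    def auth_header(self):
        """Return headers for an API call, refreshing first if expiry is near."""
        if self._access is None:
            raise RuntimeError("call login() first")
        if self._clock() >= self._expires_at - REFRESH_MARGIN:
            headers = {"Accept": "application/json", "Authorization": f"Bearer {self._access}"}
            self._store(self._post(f"{BASE_URL}/tokens", {"refresh_token": self._refresh}, headers))
        return {"Authorization": f"Bearer {self._access}", "Accept": "application/json"}
```

Pass the result of `auth_header()` as the headers of each API request, and read the password from a prompt or secret store rather than from the command line.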