Each API call must be authenticated, and there are currently three options for this:
# Username+Passsword authentication: Specify parameters ‘username’ and ‘password’ in the URL, and they will be validated against registered users on the server. # Username+ApiToken authentication: Specify parameter ‘username’ as the registered user, and ‘password’ as a registered API token, in the URL, and they will be validated against registered API tokens for that user on the server. # Cookie authentication: A cookie may be obtained (by either of the above two authentication methods), and then used for subsequent API calls.
API Token Maintenance
An API token can be created with a POST to the /api/token API endpoint:
$ curl -v -X POST -F 'application=<app>' -F 'purpose=<purpose>' -F 'permit=<permit>' http://api.openvehicles.com:6868/api/token
Note that the ‘purpose’ and ‘application’ fields are comments attached to the token and are intended to identify the application that created/uses the token and the purpose that token is used for.
The ‘permit’ field defines the list of rights granted to the user of this token.
Any of the three authentication mechanisms can be used for this, so long as the permissions include either ‘token.admin’ or ‘admin’ rights.
An API token can be deleted with a DELETE to the /api/token/<TOKEN> API endpoint:
$ curl -v -X DELETE http://api.openvehicles.com:6868/api/token/<TOKEN>