Authentication

The CommonSense API supports different ways of authentication for different types of clients and access methods.

Session

In order to upload and retrieve information, a user first needs to login with its username and password hash (see Login user). If the login is successful, the user will get a session_id which is provided in the response content, in the header with the name X-SESSION_ID, and in the Set-Cookie header as session_id

For every request that needs authorization the session_id needs to be specified either in the X-SESSION_ID header, the Cookie header as session_id, or as parameter with the name session_id.

Oauth

Third party applications that want to access restricted user data from CommonSense should use OAuth. In order to use our OAuth service you should first register your application at http://api.sense-os.nl/oauth/register_app. A description of how to use OAuth for CommonSense can be found here: CommonsenseOAuthDoc.pdf

Login user: POST /login

With this method a user can login with his username and md5 password hash.
The response header will contain a X-SESSIONID header and a cookie with a sessionid.
This session_id can be used for authentication. A user can be logged in on multiple locations.
Sessions older than a week become invalid when a user logs in on a new location.

URLhttps://api.sense-os.nl/login
MethodPOST
Need AuthTrue

Request Headers

NameDefaultTypeStyleRequired
Accept*xsd:stringheaderTrue

Request Parameters

NameDescriptionType

Request Body

The username and md5 password hash

{
    "username": "testuser",
    "password": "098f6bcd4621d373cade4e832627b4f6"
}

Change user password: POST /change_password

With this method the password of the current user can be changed.

URLhttps://api.sense-os.nl/change_password
MethodPOST
Need AuthTrue

Request Headers

NameDefaultTypeStyleRequired
Accept*xsd:stringheaderTrue

Request Parameters

NameDescriptionType

Request Body

The current and new password in md5 hash

{
    "current_password": "098f6bcd4621d373cade4e832627b4f6",
    "new_password": "4216455ceebbc3038bd0550c85b6a3bf"
}

Request password reset: POST /requestPasswordReset

Users can request a password reset by specifying their e-mail address or username.
An e-mail will be send to the specified or known e-mail address with an URL to reset the password.

URLhttps://api.sense-os.nl/requestPasswordReset
MethodPOST
Need AuthTrue

Request Headers

NameDefaultTypeStyleRequired
Accept*xsd:stringheaderTrue

Request Parameters

NameDescriptionType
emailThe e-mail address of the user account xsd:string
usernameThe username of the user account xsd:string

Logout user: POST /logout

This method will logout the user by destroying its cookie and session

URLhttps://api.sense-os.nl/logout
MethodPOST
Need AuthTrue

Request Headers

NameDefaultTypeStyleRequired
Accept*xsd:stringheaderTrue

Request Parameters

NameDescriptionType