Anonymous Access from Client Apps

You can't use app management token from client apps for security reasons. Therefore to support serverless apps, Whisk provides alternative mechanism

Note: For browser applications you need to provide list of domains which will be whitelisted

Client application can request short-lived token to access API and keep reference for user

curl "https://graph.whisk.com/auth/anonymous/create" \ -H "Accept: application/json" \ -H "Content-Type: application/json" \ -d '{ "clientId": "<YOUR-APP-ID>" }'

Example response:

{ "token": { "access_token": "Xb609ErrcoRNwll9wwxbk70OxFrbxEOu8Ui8ZzV4yJDA9RvLRGFhlMAAfkP2OmSS", "expires_in": 86400, "token_type": "Bearer", "refresh_token": "oS1437tty6buHTef0VGkXgcR7PvOt2DDUntSjWaCtDqJX8osK7d3Mip38NjpJdTH" } }

Then access_token from response can be used for communication from client app. This Access Token is bound to specific userId in Whisk Platform

Anonymous user will be deleted automatically after 30 days of inactivity, but if user will make any request in this period their lifetime will be increased for another 30 days.