The Whisk APIs are HTTP-based RESTful APIs that use a flavor of OAuth 2.0 for authorization. API request and response bodies are formatted in JSON.
At the moment only server-to-server Authorization is supported. You'll need an Access Token if you want to use the Whisk API from your backend.
Note: To get a Management Token, contact [email protected]
The issued token plays the role of an ApiKey and needs to be stored securely. It should be used only from servers (not browsers or devices).
To use your Access Token, provide it in the authorization header of each request. Access Tokens use the bearer authorization scheme, which means you need to specify the bearer type in the header.
This sample request uses a bearer token to access the Whisk feed:
For security reasons, you can't use the app management token from client apps. To support serverless apps, Whisk therefore provides an alternative mechanism.
Note: For browser applications you need to provide a list of domains, which will be whitelisted.
A client application can request a short-lived token to access the API and keep a reference for the user.
The access_token from the response can be used for communication from the client app. This Access Token is bound to a specific userId in the Whisk Platform.
You should respect the expires_in time, given in seconds. For short-lived tokens it is usually 1 day. On token expiration you can use the refresh_token to request a new Access Token, which will be bound to the same user.
This will provide a new Access Token.
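One way to respect expires_in and renew with refresh_token, as an added example that is not Whisk's own code. The `refresh` callable is hypothetical and stands in for the refresh request, which this page does not show; keeping the old refresh_token when a response omits one is an assumption.

```python
import time
from typing import Callable, Dict


class UserTokenSession:
    """Holds one user's short-lived token and renews it via refresh_token."""

    def __init__(self, token_response: dict,
                 refresh: Callable[[str], dict],
                 clock: Callable[[], float] = time.monotonic,
                 skew_seconds: int = 60):
        self._refresh = refresh    # hypothetical: performs the refresh request
        self._clock = clock        # monotonic, so wall-clock changes don't matter
        self._skew = skew_seconds  # renew slightly early to absorb latency
        self._refresh_token = None
        self._store(token_response)

    def _store(self, resp: dict) -> None:
        expires_in = resp["expires_in"]
        if not isinstance(expires_in, (int, float)) or expires_in <= 0:
            raise ValueError("expires_in must be a positive number of seconds")
        self._access_token = resp["access_token"]
        self._expires_at = self._clock() + expires_in
        # Assumption: keep the old refresh_token if the response omits a new one.
        self._refresh_token = resp.get("refresh_token", self._refresh_token)

    def is_expired(self) -> bool:
        return self._clock() >= self._expires_at - self._skew

    def auth_header(self) -> Dict[str, str]:
        """Return the bearer header, refreshing first if the token has expired."""
        if self.is_expired():
            if not self._refresh_token:
                raise RuntimeError("token expired and no refresh_token available")
            self._store(self._refresh(self._refresh_token))
        return {"Authorization": f"Bearer {self._access_token}"}

    def __repr__(self) -> str:
        # Keep token material out of logs and tracebacks.
        return f"UserTokenSession(expired={self.is_expired()})"


if __name__ == "__main__":
    # Constructed sample values; no network access is performed.
    first = {"access_token": "sample-1", "expires_in": 86400,
             "refresh_token": "sample-refresh"}
    session = UserTokenSession(
        first, refresh=lambda rt: {"access_token": "sample-2", "expires_in": 86400})
    print(session, sorted(session.auth_header()))
```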