Reeleezee GitHub page

Login & Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it claims to be. In this process the provided username and password are compared to those in a database of authorized users within an authentication server. API has a set of functions and procedures that allow access to the data of a system. In case of web hosted APIs this access is in the form of request and response. API serves all incoming requests by providing a response in the form of the required data. Hence, the authentication of each request is necessary before it gets to pass the request through to get the appropriate data. A robust layer of authentication functions and techniques provide defense to malicious and unauthorized calls from the internet. The Reeleezee API Authentication mechanism provides hassle-free data access along with data security. The Reeleezee API can authenticate every request from an authorized client and return the result in a single call to API. Users just need to provide their credentials (username and password) through a proper mechanism, as explained further.

We will now explore techniques of the Reeleezee web API Login and Authentication mechanism, to understand how Reeleezee Accounting API Authenticates requests and how you can set up authentication for every request.

The communication between service consumer (client) and service (server) must be stateless between requests. This means that each request from a service consumer should contain all the necessary information for the service to understand the meaning of the request, and all session state data should then be returned to the service consumer at the end of each request.
Due to the stateless constraint, every call to the API must (where required) be authenticated, which goes in the following flow, using Basic Augh mechanism.

Reeleezee API Login and Authentication flow
Credentials

The login credentials for the Reeleezee API are the same credentials that are used to login to the Reeleezee browser applications. One must make sure that the correct permissions are set for that Login credential set.

 

Basic Auth

For now, we use Basic authentication, which means we add the user name and password as a Base64 string in the header “Authorization” of each request to the API. The transmission of credentials is encrypted over SSL, and the use of the “Authorization” header is ubiquitous in HTTP clients and systems.

We have planned to upgrade our Authentication system to OAuth 2 or JWT soon. OAuth 2 will provide better access control over resources for users, based on token identifiers validity. JWT is a strict set of instructions for the issuing and validating of signed access tokens. The tokens contain claims that are used by an app to limit access to a user.

 

Reeleezee API Authentication & Login using Postman

Postman – REST Client:

Postman helps you to be more efficient while working with APIs.  Postman is open sourced under the Apache License 2.0. You can add the extension to Google Chrome from here.

 

If you use Postman, your username and password will be automatically added as a header as shown in the image below:

 

 

The URL will be the base address of the API with the requested resource

Base:                      https://portal.reeleezee.nl/api/v1

Resource:              customers

Final URL:              https://portal.reeleezee.nl/api/v1/customers

A successful authentication will return a response in form of JSON.