Login

All API calls are made in the context of a logged-in user.

Receive an Access Token

We use Auth0 as our authentication provider. Third-party applications should use the Implicit Authentication Flow to get user credentials. This flow forwards the user to the login UI and lets them enter their user name and password there. Once the user is authenticated, the third-party application receives an access token that it can use to communicate with the API.

Hint: Only first-party applications are allowed to send user name and password directly using the Resource Owner Password Grant. Third-party applications should always follow the Implicit Authentication Flow to get user credentials.

Third-party applications can use one of the following methods to let a user authenticate via EVE:

Call the Auth0 REST API directly

To authorize the user, your app must send the user to the authorization URL.

https://starteve.eu.auth0.com/authorize?
  response_type=token&
  client_id=YOUR_CLIENT_ID&
  redirect_uri=YOUR_REDIRECT_URI&
  scope=YOUR_SCOPES&
  audience=https://eve/api/prod&
  nonce=YOUR_NONCE

Parameters

| Parameter Name | Description |
|--|--|
| scope | Specifies the scopes for which you want to request authorization, which dictate which claims (or user attributes) you want returned. These must be separated by a space. The user will have to give your application access to these capabilities. Possible values are: `read:current_user` `write:events` `read:events` `start:recording` `write:profile` |
| nonce | The nonce should be a cryptographically random string that your app adds to the initial request and Auth0 includes inside the ID Token, used to prevent token replay attacks. |

For more details and additional parameters, check out the official Auth0 documentation.

Response

If all goes well, you'll receive an HTTP 302 response. The requested credentials are included in a hash fragment at the end of the URL:

HTTP/1.1 302 Found
Location: YOUR_REDIRECT_URI#access_token=ey...MhPw&expires_in=7200&token_type=Bearer&state=xyzABC123

ID Tokens contain user information that must be decoded and extracted.

Access Tokens are used to call the EVE API. The first thing your API will need to do is verify the Access Token.

Make a call with a user context

Once a user is authenticated, you can call the API in their context. To do so, add the access token as a Bearer token to the call's Authorization header.

curl --request GET \
  --url 'https://api.starteve.ai/api/user' \
  --header 'Authorization: Bearer eyJ0eXAiOiJKV1QiLCJh...'