Authentication

The Firmafon v2 REST API can be accessed via OAuth 2.0 or with a one-off Access Token which you can create here. This helps us track the usage of your application as well as providing the best possible security and safety to our users' data. OAuth 2.0 is a modern standard used by most providers, large and small.

  1. Sign up
  2. Obtaining an Access Token
  3. Making requests
  4. Basic Auth
  5. Notes on access tokens

Sign up

To use the Firmafon v2 REST API with oAuth 2.0 you need to first register your application. Given that each application is tied to it’s own URL you might want to register one for development and one for production.

Obtaining an Access Token

Every request to a user’s data is authenticated by an access token. To get one the user must accept that they want to use your app. They do this on our domain. Start by redirecting your user to the following address:

https://app.firmafon.dk/api/v2/authorize
  ?client_id=YOUR_APPLICATIONS_ID
  &response_type=code
  &redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI

Users will be prompted to login (if they aren’t already) and then asked if they want to grant you access to their account. If they agree, they are taken to your redirect_uri with a request token as a parameter.

http://example.com/callback?code=REQUEST_TOKEN

Your app then makes a POST request like this:

https://app.firmafon.dk/api/v2/token
  ?client_id=YOUR_APPLICATIONS_ID
  &client_secret=YOUR_APPLICATIONS_SECRET
  &grant_type=authorization_code
  &redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI
  &code=REQUEST_TOKEN

The response will be JSON:

{ "access_token": "ACCESS_TOKEN" }

And there you have it.

Making requests

Once all that is done and you’ve successfully obtained an access token you need to send it along with every request.

The preferred way is to send it along as a header:

$ curl https://app.firmafon.dk/api/v2/calls -H "Authorization: Bearer ACCESS_TOKEN"

But as a testing convenience you can also pass it as a parameter:

$ curl https://app.firmafon.dk/api/v2/calls?access_token=ACCESS_TOKEN

Basic Auth

We also support Basic Auth for the API, set the Access Token as username and leave the password field empty.

Notes on access tokens

  • Please note that a user may at any time destroy their access tokens. You might want to take this into account when you’re building your application.