Basics of authentication

In this section, we’re going to focus on the basics of authentication.

Requirements:

Python 3.6
requests: pip install requests

1. Authenticating with password

First, you’ll need to authenticate user with his username and password. Create a file called clinked_auth.py and paste this into it:

import requests
import uuid

BASE_URL = 'https://api.clinked.com/'
USERNAME = ''       # Your username
PASSWORD = ''       # Your password
CODE_2FA = None     # 2FA code (optional)

Fill USERNAME and PASSWORD variables with your credentials. Once that is done you can make the first request:

data = {
    'grant_type': 'password',
    'client_id': 'clinked-mobile',
    'username': USERNAME,
    'password': PASSWORD,
    'code': CODE_2FA,
}
print('Getting initial access token...')
r = requests.get(BASE_URL + 'oauth/token', params=data)

json = r.json()
access_token = json["access_token"]

Now we know our temporary access token which we will use for the next step in Registering your application section.

2. Registering your application

Now, let’s register our application. Every registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared!

application = {
    'name': 'API test script',
    'description': 'API test script',
    'platform': 'OTHER',
    'deviceType': 'Other',
    'appVersion': '0.1',
    'deviceOs': 'OTHER',
    'bundleId': 'com.clinked.test',
}
r = requests.post(
    BASE_URL + 'v2/applications',
    json=application,
    headers={
        'Authorization': 'Bearer ' + access_token
    }
)

json = r.json()
client_id = json["clientId"]
client_secret = json["clientSecret"]

Your application should persist client_id and client_secret is a safe storage for future use. Once you get your application credentials you can finally authenticate.

3. Authenticating your application

To use the API you need to authenticate your application first using your Client ID and Client Secret.

data = {
    'grant_type': 'client_credentials',
    'client_id': client_id,
    'client_secret': client_secret,
    'scope': 'read write',
}
r = requests.get(BASE_URL + 'oauth/token', params=data)

json = r.json()
access_token = json['access_token']

Now you can use the resulting access_token to make authorized requests.

4. Complete source code

import requests
import uuid

BASE_URL = 'https://api.clinked.com/'
USERNAME = ''       # Your username
PASSWORD = ''       # Your password
CODE_2FA = None     # 2FA code (optional)


def main():
    access_token = get_access_token()
    print("Done!")
    print('Access token: ' + access_token)
    # Now you can use the resulting access token to make authorized API requests


def get_access_token():
    """Authenticates a user.

    Returns:
        str -- Final access token.
    """

    data = {
        'grant_type': 'password',
        'client_id': 'clinked-mobile',
        'username': USERNAME,
        'password': PASSWORD,
        'code': CODE_2FA,
    }
    print('Getting initial access token...')
    r = requests.get(BASE_URL + 'oauth/token', params=data)
    print_response(r)

    body = r.json()
    application = create_application(body['access_token'])
    return authenticate_application(
        application['clientId'],
        application['clientSecret']
    )['access_token']


def create_application(access_token: str):
    """Creates a new application.

    Arguments:
        access_token {str} -- authentication access token.

    Returns:
        dict -- application data dictionary.
    """

    application = {
        'name': 'API test script',
        'description': 'API test script',
        'platform': 'OTHER',
        'deviceType': 'Other',
        'deviceModel': '-',
        'appVersion': '0.1',
        'deviceOs': 'OTHER',
        'bundleId': 'com.clinked.test',
        'deviceToken': None,
    }
    print('Creating an application...')
    r = requests.post(
        BASE_URL + 'v2/applications',
        json=application,
        headers={
            'Authorization': 'Bearer ' + access_token
        }
    )
    print_response(r)

    return r.json()


def authenticate_application(client_id: str, client_secret: str):
    """Authenticates application.

    Arguments:
        client_id  {str} -- application client id.
        client_secret {str} -- application client secret.

    Returns:
        dict -- application authentication data dictionary.
    """

    data = {
        'grant_type': 'client_credentials',
        'client_id': client_id,
        'client_secret': client_secret,
        'scope': 'read write',
    }
    print('Authenticating application...')
    r = requests.get(BASE_URL + 'oauth/token', params=data)
    print_response(r)

    return r.json()


def print_response(response: requests.Response):
    """Print response data.

    Arguments:
        response {Response} -- request response object.
    """

    print('Response ({}): {}\n'.format(response.status_code, response.text))

    if response.status_code < 200 or response.status_code > 299:
        print("Something went wrong, please check your credentials.")
        exit()


if __name__ == '__main__':
    main()