Authentication Methods
#
Third PartyThe third party authentication method allows integrators access to the API using a standards based Authorization header. This header is combination of your API key and an access token (generated by the end-user for your application via the REI Forms Live/Realworks user interface, or by using Implicit Grant below) encoded as a base64 string.
All third party tokens generated by an end-user will remain active until removed by the user and will be completely unaffected by things such as username or password changes. The below screenshot shows the third party area where and end-user will create their access token:
This method is much more secure and gives the ability for end-users to control which third parties can access their account at any given time. However the main advantage is the ability to make requests without managing a session in your application by simply passing the Authorization header to any of the end points documented below.
Once you have an API Key and end-user third party token, you can construct your Authorization header as such:
- ๐ Example key: a9d9b0a7-1365-4781-85b3-0fbb36ecd230
- ๐ Example token: 258170b7-d02b-4f8b-aa41-2976f172fa21
- ๐ Combine with colon: a9d9b0a7-1365-4781-85b3-0fbb36ecd230:258170b7-d02b-4f8b-aa41-
- ๐ Convert to base64: YTlkOWIwYItNGY4Yi1hYTQxLTI5NzZmMTcyZmEyMQ==
- ๐ Pass in header: Authorization: Basic YTlkOWIwYItNGY4Yi1hYTQxLTI5NzZmMTcyZmEyMQ==