Authentication

The HopDrive API uses short lived authentication tokens to authenticate each request. An authentication token may be retrieved by posting a valid client_id and client_secret to the /authorize endpoint.

Your combined secrets carry many privileges, so be sure to keep them secure! Do not share your secrets in publicly accessible areas such as GitHub, client-side code, and so forth.

Fetching a token#

POST /v1/authorize

{
    "client_id": "your_client_id",
    "client_secret": "your_client_secret"
}

Curl Example

curl --request POST \
  --url https://api.hopdrive.com/v1/authorize \
  --header 'Content-Type: application/json' \
  --data '{
    "client_id": "JQLEnzKzcyj34i0gB7Gn3yPEa3MgK6Ej",
    "client_secret": "UU7Id9YbnpYo2RkDJgvpF76EPkF8gGpwBPI6yHTZMeh471NM4WlJg_Hwiq6VLT1n"
}'

Handling token expiration#

After recieving an authentication token, the client should cache the received token, monitor the expiration of the token, and then retrieve a new one when that token expires.

Securing data transmission#

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. See error handling for more information.