13 October 2015
16 December 2015
API as implemented
|0.3||3 January 2020||Authorization scheme enhanced|
Table of Contents
All API methods are protected by token authentication. A specified token is passed through http header 'Avalon-Api-Key'. A matching token must be configured in in Avalon's database. Creating and viewing tokens can be done via rake tasks.
Every token is associated with an Avalon user. User sessions authenticated against an API token will assume the same authorization rights as the associated user. (NOTE: In pre-7.0 versions of Avalon, API token logins were granted admin user rights.)
Anchor mediaobjects mediaobjects