Plugins
Last Updated: 2023-10-29 02:00:08
The amount of access available through HTTP API is dependent of which plugins you have installed and whether you've selected the API during their installations. For example, you need to install the Blog API to gain access to blog related API functions.
Note: Not all plugins have an API but most do. If a plugin API is required but not installed then you can always go back to the plugin installation manager and add it.
The HTTP API first needs to be setup and activated. You can do this by creating application keys. An application key defines how an API token works and behaves. Once the application key is created you are able to create API keys for development.
Fliddo allows for great control over how API key authentication and
usage works so your organizations standards are met. Let's go over some
of the options.
Token Verification
Token verification is an advanced feature and in most cases is not required. This feature is intended to verify that a third party company controls their website and your point of contact is authorized to do business on their behalf.
Note: A contractor may not always have control over their website, perhaps they are using a marketplace to obtain contracts. In this case do not use token verification.
To proceed with token verification, a return URL must be provided. This requires collaboration between you and the company you're hiring because the URL needs to match what is entered here. The return URL needs to be accessible and return a JSON empty string with an HTTP 200 ok status.
Note: It's best practice to use HTTPS for this.
Single Use Tokens
An application key is needed to create an API token. An API token is used to generate a client token which are authenticated passes. Think of client tokens as sign-ins, when you sign-in to a website your session is verified and you can proceed. The API token ( signing ) behaves the same way and once verified, the client token ( session ) allows the developer to proceed.
A single use token means that on every HTTP API endpoint request, the client token is invalidated and API token must be authenticated before the next request.
This is generally the best way to test authentication and token expiry when developing your own wrapper library in a none supported language. Fliddo currently supports only a PHP wrapper for your HTTP API.
Refresh Rate
The refresh rate is related to client tokens and means how many requests are permitted before the client token is invalidated and API token must be authenticated.
Note: When hiring part time developers or contractors, it's recommended to keep this number low ( e.g. 20 ).
Token verification is an advanced feature and in most cases is not required. This feature is intended to verify that a third party company controls their website and your point of contact is authorized to do business on their behalf.
Note: A contractor may not always have control over their website, perhaps they are using a marketplace to obtain contracts. In this case do not use token verification.
To proceed with token verification, a return URL must be provided. This requires collaboration between you and the company you're hiring because the URL needs to match what is entered here. The return URL needs to be accessible and return a JSON empty string with an HTTP 200 ok status.
Note: It's best practice to use HTTPS for this.
Single Use Tokens
An application key is needed to create an API token. An API token is used to generate a client token which are authenticated passes. Think of client tokens as sign-ins, when you sign-in to a website your session is verified and you can proceed. The API token ( signing ) behaves the same way and once verified, the client token ( session ) allows the developer to proceed.
A single use token means that on every HTTP API endpoint request, the client token is invalidated and API token must be authenticated before the next request.
This is generally the best way to test authentication and token expiry when developing your own wrapper library in a none supported language. Fliddo currently supports only a PHP wrapper for your HTTP API.
Refresh Rate
The refresh rate is related to client tokens and means how many requests are permitted before the client token is invalidated and API token must be authenticated.
Note: When hiring part time developers or contractors, it's recommended to keep this number low ( e.g. 20 ).
Refresh Period
Similar to the refresh rate, it to is related to client tokens and means how long before the client token is invalidated and api token must be authenticated.
Similar to the refresh rate, it to is related to client tokens and means how long before the client token is invalidated and api token must be authenticated.
Note: When hiring part time developers or contractors, it's recommended to keep this low ( e.g. 1 hour ).
Once you have an application key, you need to create the API token. It's here where you verify the return URL if using token verification and also where you setup your credentials ( username and password ) to authenticate the API token. Once complete you are finished generating tokens.
You can create more then one application key and token. It's recommended to tailor them to whom ever will be using it.
Note: Creating keys/tokens creates an association to API domain name in the format of api.[your domain] only.
Once you have an application key, you need to create the API token. It's here where you verify the return URL if using token verification and also where you setup your credentials ( username and password ) to authenticate the API token. Once complete you are finished generating tokens.
You can create more then one application key and token. It's recommended to tailor them to whom ever will be using it.
Note: Creating keys/tokens creates an association to API domain name in the format of api.[your domain] only.