Authentication for a distributed web application
This guide outlines the process for authenticating a user using a web application that can be distributed to others.
Obtain an Application Secret
The Application Secret is used to sign authenticated requests to the API. Because your application's source code is freely available, you are not given a Secret. Instead, you must prompt for your user's Access Code during the installation process (users can view their Access Code at
http://www.blipfoto.com/extras/permissions). You then use this value as the Application Secret. Read more...
Direct the user to API Permissions
Users must give permission for your application to access their account. To do this, you redirect your user to a special Blipfoto URL, providing your API Key and a callback URL where your user will be returned to upon approval. Read more...
Obtain an Identity Token
The Identity Token is used to identify the user and your application to the API. After permission approval, the Identity Token and the users' username are returned to your application in the callback URL parameters. Read more...
Sign calls to authenticated resources
You now have all that is required to authenticate calls for your user. The Application Secret and Identity Token are used to create a signature that verifies the user to the API. Read more...