Blipfoto API

Authentication for a distributed web application

This guide outlines the process for authenticating a user using a web application that can be distributed to others.

  1. Obtain an Application Secret

    The Application Secret is used to sign authenticated requests to the API. Because your application's source code is freely available, you are not given a Secret. Instead, you must prompt for your user's Access Code during the installation process (users can view their Access Code at http://www.blipfoto.com/extras/permissions). You then use this value as the Application Secret. Read more...

  2. Direct the user to API Permissions

    Users must give permission for your application to access their account. To do this, you redirect your user to a special Blipfoto URL, providing your API Key and a callback URL where your user will be returned to upon approval. Read more...

  3. Obtain an Identity Token

    The Identity Token is used to identify the user and your application to the API. After permission approval, the Identity Token and the users' username are returned to your application in the callback URL parameters. Read more...

  4. Sign calls to authenticated resources

    You now have all that is required to authenticate calls for your user. The Application Secret and Identity Token are used to create a signature that verifies the user to the API. Read more...

© All material on this site is copyright Blipfoto and its contributors.