Authentication

To send requests to the API, you will need:

  • an API key (apikey), identifying the application
  • AND an email + password, identifying the user

The user can be authenticated using:

  • HTTP Basic: the email and password are sent with every request
  • Sessions: a first login request is made, then the session header is added to the next API calls

API Key

The API requests an API Key, identifying the application.

The key must be sent with every API requests, using the apikey parameter.

Important The apikey must be passed as a query parameter, and never in the body of the request.

For example, for a GET request:

GET /api/v1/groups?apikey=xxxxxx

For a POST request with Content-Type: application/json:

POST /api/v1/groups/4/calendars?apikey=xxxxxx
{
   "calendar": {
     …
   }
}


Note The « sandbox » and production API keys are different.


HTTP Basic

ClicRDV's API allow a HTTP Basic authentication.

Note The password is crypted through the HTTPS communication.


You can try it with Curl, using the -u option to set the HTTP Basic user and password:

$ curl -u "myaccount@clicrdv.com:secret"
       "https://www.clicrdv.com/api/v1/groups.json?apikey=xxxxxx"


Important ClicRDV's API doesn't send 401 responses when you try to access a protected resource. It is up to the client to always send the Authorization header: Authorization: Basic base64(email+':'+password)


Sessions

You can create a new session using the following request:

POST /api/v1/sessions/login

The parameters to send depend on the user profile you wish to connect:

  • to use the Calendar API: pro[email] and pro[password]
  • to use the Booking API: account[email] and account[password]

In both cases, the password must be encoded using SHA1.

Here is an example using Curl:

$ curl -i -X POST  "https://sandbox.clicrdv.com/api/v1/sessions/login.json?apikey=xxxxxx&\
                    pro%5Bemail%5D=fake.user%40gmail.com&\
                    pro%5Bpassword%5D=a94a8fe5ccb19ba61c4c0873d391e987982fbbd3"

HTTP/1.1 200 OK
Content-Type: application/json; charset=utf-8
Connection: keep-alive
Status: 200
Content-Length: 283
Set-Cookie: _session_id=4e8c5362ed2abeddca00000c; path=/; HttpOnly

{"pro":{"created_at":"2007-03-30 15:09:07","updated_at":"2011-10-05 14:52:07",\
"synched_at":"2011-09-29 19:50:18","lastname":"Fake","id":9,"firstname":"User",\
"cellphone":"06 12 34 56 78","email":"fake.user@gmail.com},"error":null\}

Note The %5B and %5D are the encoded values of '[' and ']'.

The session identifier is sent back within the HTTP response header Set-Cookie:

Set-Cookie: _session_id=4e8c5362ed2abeddca00000c; path=/; HttpOnly

For the next requests, you must set the session_id parameter into the Cookie header:

Cookie: _session_id=4e8c5362ed2abeddca00000c

Example using Curl, with the -H to add an HTTP header:

$ curl -i -H 'Cookie: _session_id=4e8c5362ed2abeddca00000c'
       "https://sandbox.clicrdv.com/api/v1/groups.json"

Note A session expires after 1 hour of inactivity.