Security

Protect user data and files with the latest standard in web security.

OAuth 2 Authorization

Following in the footsteps of major web app providers like Facebook and Google, the Wepa API implements the latest version of the open standard for authorization, OAuth 2. It lets your users authorize certain API requests made on their behalf, such as uploading print files.

Kiosk details like geographic location and printer status can be obtained through the Wepa API by a variety of search methods like school ID, zipcode, and even latitude/longitude.


Client Credentials

The first step in working with API resources is registration. All clients consuming the API must register with WEPA and, if approved, be issued a set of credentials known as a client_id and client_secret. Click here to get started.

Passing these credentials in the Authorization header of a resource request confirms the identity and privileges of the client. The header takes the following form, with the credentials encoded as Base64 (also referred to as HTTP Basic authentication):

Authorization: Basic {client_id:client_secret (Base64)}

For user-specific resources, clients that have established a trust relationship with a particular user (that is, have access to the user's credentials) may be granted access using a combination of user credentials, client credentials, and HTTP Basic authentication with transport-layer security (TLS). This is the most practical yet secure interface for “personal” clients (mobile app) that are trusted by the user. Other non-user resources may also be accessed using client credentials alone.

Grants and Tokens

https://api.wepanow.com/oauth/token

Access to Wepa API resources is granted by issuing client access tokens. These limited-access tokens are good for a specific grant type only and expire after a certain amount of time.

There are currently two grant types supported by the API:

password
Grants access to a specific user’s resource (user, files, etc.)
client_credentials
Grants access to non-specific resources (groups, kiosks, etc.)

It’s worth noting that the “password” grant_type is the OAuth-specific standard for issuing grants based on the resource owner’s (user) credentials, while the “client_credentials” grant_type is the standard for issuing grants based solely on client credentials. This value must be set appropriately in the request body.

Example 1.1 - HTTP POST request requesting an access token
POST   https://api.wepanow.com/oauth/token   

Authorization: Basic {client_id:client_secret (Base64)} 
Content-Type: application/x-www-form-urlencoded 

grant_type = [password | client_credentials] 
username=jsmith@myuniversity.edu (required for password grant) 
password=A3ddj3w (required for password grant)

A successful grant will return a JSON-formatted response containing the access token.

Example 1.2 - Response with client access token
{ 
	"access_token": "eceef192-04c6-4603-afcf-9463ed66135f", 
	"expires_in": 43199,
	"token_type": "bearer" 
} 

Once an access token has been issued, you're all set to start making Wepa API requests!
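
As an added example (not Wepa's own client code), the following Python builds the Example 1.1 request for either grant type without sending it, and parses the Example 1.2 response into a token and an absolute expiry time. The function names and the demo-client/demo-secret credentials are assumptions made for illustration.

```python
import base64
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "https://api.wepanow.com/oauth/token"  # endpoint from the page


def build_token_request(client_id, client_secret, grant_type,
                        username=None, password=None):
    """Build (without sending) the POST shown in Example 1.1."""
    if grant_type not in ("password", "client_credentials"):
        raise ValueError("unsupported grant_type: %r" % grant_type)
    if ":" in client_id:
        raise ValueError("client_id must not contain ':' (Basic auth separator)")
    fields = {"grant_type": grant_type}
    if grant_type == "password":
        if not username or not password:
            raise ValueError("password grant requires username and password")
        fields["username"] = username
        fields["password"] = password
    # HTTP Basic: Base64 of "client_id:client_secret". Base64 is an encoding,
    # not encryption, so this header must only ever travel over TLS.
    raw = ("%s:%s" % (client_id, client_secret)).encode("utf-8")
    basic = base64.b64encode(raw).decode("ascii")
    body = urllib.parse.urlencode(fields).encode("ascii")  # escapes '@', '&', '='
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Authorization": "Basic " + basic,
                 "Content-Type": "application/x-www-form-urlencoded"})


def parse_token_response(text, now=None):
    """Return (access_token, absolute expiry time) from the Example 1.2 JSON."""
    doc = json.loads(text)
    if doc.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return doc["access_token"], now + int(doc["expires_in"])


if __name__ == "__main__":
    # Constructed placeholder credentials; real ones come from registration.
    req = build_token_request("demo-client", "demo-secret", "password",
                              "jsmith@myuniversity.edu", "A3ddj3w")
    print(req.get_method(), req.full_url)
    print(req.get_header("Authorization"))
    print(req.data.decode())
```

Storing the absolute expiry lets a client request a fresh token before the old one lapses, and keeping the secret and user password out of logs matters because both appear in this one request.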