Authentication
The Relatel v2 REST API can be accessed via OAuth 2.0 or with a one-off Access Token which you can create here. This helps us track the usage of your application as well as providing the best possible security and safety to our users' data. OAuth 2.0 is a modern standard used by most providers, large and small.
Sign up
To use the Relatel v2 REST API with oAuth 2.0 you need to first register your application. Given that each application is tied to it’s own URL you might want to register one for development and one for production.
Obtaining an Access Token
Every request to a user’s data is authenticated by an access token. To get one the user must accept that they want to use your app. They do this on our domain. Start by redirecting your user to the following address:
https://app.relatel.dk/api/v2/authorize ?client_id=YOUR_APPLICATIONS_ID &response_type=code &redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI
Users will be prompted to login (if they aren’t already) and then asked if they want to grant you access to their account. If they agree, they are taken to your redirect_uri
with a request token as a parameter.
http://example.com/callback?code=REQUEST_TOKEN
Your app then makes a POST request like this:
https://app.relatel.dk/api/v2/token ?client_id=YOUR_APPLICATIONS_ID &client_secret=YOUR_APPLICATIONS_SECRET &grant_type=authorization_code &redirect_uri=YOUR_APPLICATIONS_REDIRECT_URI &code=REQUEST_TOKEN
The response will be JSON:
{ "access_token": "ACCESS_TOKEN" }
And there you have it.
Making requests
Once all that is done and you’ve successfully obtained an access token you need to send it along with every request.
The preferred way is to send it along as a header:
$ curl https://app.relatel.dk/api/v2/calls -H "Authorization: Bearer ACCESS_TOKEN"
But as a testing convenience you can also pass it as a parameter:
$ curl https://app.relatel.dk/api/v2/calls?access_token=ACCESS_TOKEN
Basic Auth
We also support Basic Auth for the API, set the Access Token as username and leave the password field empty.
Notes on access tokens
- Please note that a user may at any time destroy their access tokens. You might want to take this into account when you’re building your application.