...
This method is designed for web applications where a user needs to actively grant permission. It's typically used when user interaction is required to approve access (eg selecting db and project). This process is most appropriate for full stack applications that will have user interface for end users.
2. Client Credentials Flow
This flow is more suited for server-to-server communication, where no user interaction is needed. It allows your backend systems to communicate with the dRofus API autonomously. As noted this is best for server to server communication, i.e. automated data retrievals or updates that happen without direct user interaction.
In the guides below, we will use the Client Credentials Flow as it's best for automated, script-based, or backend API interactions. Balazs will provide you with your client_id and client_secret.
...
Create an “API dRofus user":
Do not use your personal account for this.
Ensure the API user's email is not set to your own.
Generate a strong password for this user.
Add the user to the project:
Ensure that this user has sufficient access to perform the required API operations.
Set up authentication:
In Postman, select Basic Auth as the authentication type.
For scripts, you need to encode the username and password into base64. Here's an example of how to do this in Python:
Code Block language py import base64 import os from dotenv import load_dotenv credentials = f"{os.getenv("DR_USERNAME")}:{os.getenv("DR_PASSWORD")}" encoded_credentials = base64.b64encode(credentials.encode()).decode() # Encoded string can then be used for Basic Authentication in your API requests: headers = {"Authorization": encoded_credentials}
...