Authentication

Learn how to authenticate through TextMaster API.

While the API provides multiple methods for authentication, we strongly recommend using OAuth for production applications. The other method provided is intended to be used for scripts or testing (i.e., cases where full OAuth would be overkill). Third party applications that rely on TextMaster for authentication should not ask for or collect TextMaster credentials. Instead, they should use the OAuth Authorization flow.

OAuth2

OAuth2 is a protocol that lets external applications request authorization to private details in a user's TextMaster account without accessing their password.

$ curl https://api.textmaster.com/v1/clients/users/me \
  -H "Authorization: Bearer ACCESS-TOKEN"

Tips: TextMaster recommends sending OAuth tokens using the Authorization header.

For more on OAuth Apps, see:

Signature

Warning: TextMaster discourages using the signature strategy to authenticate production applications to the API. Clients should use OAuth2 Apps instead.

Signature is an authentication strategy that requires the client to compute a signature hash based on the user's pair of API keys. The signature is only valid for 5 minutes after its creation.

For example, the following Shell script will compute that signature hash:

#!/bin/bash

APIKEY=somekey
APISECRET=somesecret
DATE=$(date -u +"%Y-%m-%d %H:%M:%S")
SIGNATURE=$(echo -n $APISECRET$DATE | openssl sha1 | sed 's/.*= //')

curl "https://api.textmaster.com/test" \
  -H "Apikey: $APIKEY" \
  -H "Date: $DATE" \
  -H "Signature: $SIGNATURE"

Last updated