API authentication is performed through a token. The token can be obtained via the login endpoint; see login endpoint.

There are two methods for the authentication:

  1. Via HTTP header (name X-QAACK-TOKEN value token)

  2. Via cookie (cookie name token)

The two methods are checked in that order: first the header and, if it is not there, then the cookie.

HTTP Header

The header is named X-QAACK-TOKEN.

Example token usage

GET /api/groups HTTP/1.1
X-QAACK-TOKEN: <token>

Status codes

The following status codes are valid for all the endpoints:

40x codes

  • 400 Bad Request: No authentication found

  • 401 Unauthorized: The authentication is not valid

  • 404 Not found: The resource you are trying to access does not exist or you do not have permission

Structure of the body

These responses have the following content in the body:

  "error":"[description of the error]"
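
The lookup order and status codes described above, as an added server-side example (not QAACK's own code). The function names, the sample tokens and resources, the JSON-object wrapping of the error body, and treating an empty header as absent are all assumptions made for illustration.

```python
import hmac
import json

HEADER_NAME = "X-QAACK-TOKEN"   # header name from this page
COOKIE_NAME = "token"           # cookie name from this page

# Constructed sample data: token -> user, and resource -> users allowed to read it.
TOKENS = {"s3cr3t-alice": "alice", "s3cr3t-bob": "bob"}
RESOURCES = {"/api/groups/1": {"alice"}}


def error(status, description):
    """Build an error response; wrapping the field in a JSON object is assumed."""
    return status, json.dumps({"error": description})


def extract_token(headers, cookies):
    """Header first, then cookie. HTTP header names are case-insensitive."""
    for name, value in headers.items():
        # Assumption: an empty header value counts as "not there".
        if name.lower() == HEADER_NAME.lower() and value:
            return value
    return cookies.get(COOKIE_NAME) or None


def lookup_user(token):
    """Check every known token with a constant-time comparison."""
    user = None
    for known, owner in TOKENS.items():
        if hmac.compare_digest(known.encode(), token.encode()):
            user = owner
    return user


def handle(path, headers, cookies):
    token = extract_token(headers, cookies)
    if token is None:
        return error(400, "No authentication found")
    user = lookup_user(token)
    if user is None:
        # A header that is present but invalid does not fall back to the cookie.
        return error(401, "The authentication is not valid")
    # Missing resource and missing permission share one 404, so the response
    # does not reveal which paths exist.
    if user not in RESOURCES.get(path, set()):
        return error(404, "Not found")
    return 200, json.dumps({"user": user, "path": path})  # constructed success body
```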