Pepper Talk exposes most of the functionality via REST services for integration with you backends. These are available as standard JSON API's secured against your tokens via OAuth2. Available API's are documented in the API section.
All Pepper Talk resources are exposed behind SSL from the base URL https://hostedpepper.getpeppertalk.com/api/v1/. Resources are relative to this base URL.
REST services are secured similar to the Web SDK. Assuming that you have an account on Pepper Talk Console, generate a set of credentials for your app which is Web Auth enabled. All API's work on behalf of a user. You are expected to generate a bearer token for a user on your system. To generate a bearer token for use on API calls use the sso grant type from the getaccesstoken resource.
Relative URL: get_access_token
Method: POST
Data:
1
2
3
4
5
6
7
8
9
{
grant_type: 'sso'
client_id: pepperKitClientId
timestamp: 1427788129447 // UNIX timestamp with millisecond precision
user_id: <<userid>>
sso_token: sso_token
display_name: <<users full name>> //optional
profile_photo: <<users profile picture>> //optional
}
The SSO token is generated as follows
1
shasum(pepperKitClientId + ":" + pepperKitSecret + ":" + timestamp + ":" + userid)
Response:
Content-Type: application/json
1
2
3
4
5
6
7
{
"access_token":"MDVGMDkwRDItQTJFNC00MTZFLTg4NkUtNkZCNENEQzg5MzgxOmxVVHBxWmgzdlkxSHVGTE13b09uRFJVSUw3T3FZa1Rl",
"expires_in":90,
"resource_owner": <<userid>>,
"scope":"",
"token_type":"bearer"
}
To access any resource pass in the bearer token in the Authorization header like this.
Authorization: Bearer MDVGMDkwRDItQTJFNC00MTZFLTg4NkUtNkZCNENEQzg5MzgxOmxVVHBxWmgzdlkxSHVGTE13b09uRFJVSUw3T3FZa1Rl
If the bearer tokens are invalid or have expired a 403 status is returned on all calls.