We require OAuth (version 2) access tokens to monitor and limit access to the API. OAuth2 access tokens are granted limited, specific permissions that allow applications to act on your behalf. They are:

login

  • Validate your account, which just means an application could use your Cooper Hewitt account as a single-sign-on provider (kind of like Facebook Connect).

It will not be able to perform any other functions (or call API methods) that require permissions.

read

  • Validate your account.
  • Access things that you've marked as private (to your own account).

It will not be able to perform any other functions (or call API methods) that require write permissions.

write

  • Validate your account.
  • Access things that you've marked as private (to your own account).
  • Update things that you've marked as private (to your own account).

When you authorize an access token you may also give it a time to live (one hour, one day and so on). By default, access tokens do not have an expiry date. If you choose to authorize an application, don't forget that you can change (or revoke) its permissions at any time.
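The permission levels and time-to-live rules above, as an added Python example that is not Cooper Hewitt's own code: it checks a token against the permission an API method requires and lists non-expiring tokens worth reviewing. The `AccessToken` record, the function names and the reason strings are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Permission levels from the page, ordered so each level includes the ones below it.
LEVELS = {"login": 0, "read": 1, "write": 2}


@dataclass
class AccessToken:
    """Hypothetical token record; the field names are assumptions."""
    scope: str                  # "login", "read" or "write"
    issued_at: int              # Unix time in seconds
    ttl: Optional[int] = None   # seconds to live; None means no expiry (the default)
    revoked: bool = False


def is_expired(token: AccessToken, now: int) -> bool:
    # A token without a time to live never expires on its own.
    return token.ttl is not None and now >= token.issued_at + token.ttl


def authorize(token: AccessToken, required: str, now: int):
    """Return (allowed, reason) for a method that needs `required` permission."""
    if required not in LEVELS or token.scope not in LEVELS:
        return (False, "unknown_scope")  # fail closed on anything unrecognised
    if token.revoked:
        return (False, "revoked")
    if is_expired(token, now):
        return (False, "expired")
    if LEVELS[token.scope] < LEVELS[required]:
        return (False, "insufficient_scope")
    return (True, "ok")


def stale_tokens(tokens, now: int, max_age: int):
    """Live tokens with no expiry that are older than max_age seconds."""
    return [t for t in tokens
            if t.ttl is None and not t.revoked and now - t.issued_at > max_age]


if __name__ == "__main__":
    now = 1_700_000_000  # constructed sample clock value
    sample = [  # constructed sample tokens
        AccessToken("login", now - 60),
        AccessToken("read", now - 7200, ttl=3600),
        AccessToken("write", now - 90 * 86400),
    ]
    for tok in sample:
        print(tok.scope, authorize(tok, "read", now))
    print(len(stale_tokens(sample, now, 30 * 86400)), "non-expiring token(s) to review")
```

Because tokens carry no expiry by default, the `stale_tokens` check is the part that finds long-lived grants you may want to revoke.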

If you are not a developer and would like to try out the API, you should visit this page to create an access token for yourself. If you are a developer, you probably want to start by creating an API key; please consult the OAuth2 How To page for details.