Access tokens are similar to session tokens and allow entering of credentials once per session. Once authenticated, a user is provided with an access token that is submitted with every secure request (those containing '/secure/' in the URL path, e.g. submitting a donation) instead of always submitting a username and password. Access tokens are short-lived and can expire so users need to re-GET a token at the start of each session or if their current access token expires. Note that access token timeouts are individually set for each API user as a database configuration and by default are set to 10 hours.
NOTE: Credentials used to receive an access token are the same credentials used when signing up for an API Key. That is, the email and password associated with the new or existing GlobalGiving account used to request an API Key.
POST
xml, json
xml, json
https://api.globalgiving.org/api/userservice/tokens
email - user's email used to sign up for the GlobalGiving account and API key, required
password - user's password used to sign up for the GlobalGiving account and API key, required
api_key - api_key for the API user which is provided by GlobalGiving, required
NOTE: If the request is using an XML payload, be careful to escape the password with <![CDATA[ PASSWORD ]]> because passwords may contain characters that are invalid in an XML element body.
curl -H "Accept: application/xml" -H "Content-Type: application/xml" -d "<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<auth_request>
<user>
<email>John_Doe@hotmail.com</email>
<password>somepassword</password>
</user>
<api_key>YOUR_API_KEY</api_key>
</auth_request>" -X POST https://api.globalgiving.org/api/userservice/tokens
curl -H "Accept: application/xml" -H "Content-Type: application/json" -d '{"auth_request":{"user":{"email":"John_Doe@hotmail.com","password":"somepassword"}, "api_key":"YOUR_API_KEY"}}' -X POST https://api.globalgiving.org/api/userservice/tokens
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<auth_response>
<access_token>sqbkktg3s00vzz7gg3s198rzb9g3s2me2u2ng3s3</access_token>
</auth_response>
{"auth_response":{"access_token":"njd9wng4d0ycwnn3g4d1jm30yig4d27iom5lg4d3"}}
auth_request |
|
Element | Mandatory | Description |
---|---|---|
required | Api user's email used to set up a GlobalGiving account and receive an API Key. | |
password | required | Api user's password used to set up a GlobalGiving account and receive an API Key. |
api_key | required | Key for the API user which is provided by GlobalGiving. |
auth_response |
|
Element | Mandatory | Description |
---|---|---|
access_token | required | Resulting access token to use for further requests. |