Getting Started with the Dooing API

Getting Started

  1. Sign up

    You need to sign up to access the API

  2. Get your API key

    Login to the webapp and click on the “Access API” link at the top bar. Create your APP by filling all the required fields. We’ll assign an oAuth client id, client secret and an access token for each of your applications.

  3. Authenticate

    Have your users authenticate and authorize your application with Dooing

  4. Make Requests

    Make requests to our API Endpoints with your authenticated OAuth credentials.

Access Levels

Your ability to access, create or modify data depends on the permissions available for your Dooing profile. You can find user roles and permissions here.

Authentication

The API uses the OAuth 2.0 protocol for simple, but effective authentication and authorization. All requests to the API must be made over SSL (https:// not http://)

  1. Redirect users to request the API access

    GET https://connect.dooing.com/v1/oauth/authorize

    Parameters

    Name Type Description
    client_id string Required. The client ID you received from Dooing when you registered.
    redirect_uri string The URL in your app where users will be sent after authorization. See details below about redirect urls.
    scope string A comma separated list of scopes. If not provided, scope defaults to an empty list of scopes for users that don’t have a valid token for the app. For users who do already have a valid token for the app, the user won’t be shown the OAuth authorization page with the list of scopes. Instead, this step of the flow will automatically complete with the same scopes that were used last time the user completed the flow.
    state string An unguessable random string. It is used to protect against cross-site request forgery attacks.
  2. The API redirects back to your site

    If the user accepts your request, the API redirects back to your site with a temporary code in a code parameter as well as the state you provided in the previous step in a state parameter. If the states don’t match, the request has been created by a third party and the process should be aborted.

    Exchange this for an access token:
    POST https://connect.dooing.com/v1/oauth/token

    Parameters

    Name Type Description
    client_id string Required. The client ID you received from Dooing when you registered.
    client_secret string Required. The client secret you received from Dooing when you registered.
    code string Required. The code you received as a response to Step 1.
    redirect_uri string The URL in your app where users will be sent after authorization. See details below about redirect urls.

    Response

    By default, the response will take the following form:

    access_token=e72e16c7e42f292c6912e7710c838347ae178b4a&scope=user%2Cgist&token_type=bearer

  3. Use the access token to access the API

    The access token allows you to make requests to the API on a behalf of a user.

    GET https://connect.dooing.com/v1/users?access_token=...

Architecture

Goals for the Web service:

  1. Simple API design and pragmatic REST Web service, with only 3 base URLs per resource
  2. First base set the API version like /v1
  3. Last base is an id parameter commonly
  4. The API accepts POST, GET, PUT, and DELETE HTTP methods for in order of CRUD (Create, Read, Update, Delete)

Example : two (2) resources (/v1/tasks and /v1/tasks/xxx) and the four (4) HTTP methods

METHOD POST GET PUT DELETE
CRUD create read update delete
/v1/tasks create a new task list tasks update tasks error
/v1/tasks/123 error show 123 if exist update 123 else error delete 123

RESPONSE MODEL

{
    code: 200,
    name: "OK",
    data {}
}

RESPONSE ERROR MODEL

{
    code: 404,
    name: "Not Found",
    message: "User data not found!",
}

Test Console

Powered by SwaggerUI


Was this article helpful?

Related Articles