Authentication

HTTP Basic authentication method (https://en.wikipedia.org/wiki/Basic_access_authentication) has to be used to login to API succesfully. There are two options to authenticate depending on your kind of integration:

Enterprise interface authentication

User name and password has to be used for Enterprise interface authentication. Credentials are BASE64 encoded during HTTP basic authentication. HTTP header will look like example below.

Before BASE64 encoding:

GET / HTTP/1.1    
Host: project.carecloud.cz    
Authorization: Basic <user name>:<password>

After BASE64 encoding:

GET / HTTP/1.1
Host: project.carecloud.cz
Authorization: Basic Zm9vOmJhcg==

The password is composed of two parts:

  • User password hashed with MD5 algorithm
  • Time in format YYYYMMDDHH (UTC)

All parts are connected and hashed with SHA-256 algorithm (implementation in PHP):

hash('sha256',md5("password")."2019040112"); 

Result:

string(64) "c0c0d92061deb13bf34570e513229368979708efcdbc80b8d881e7ef03461a6c"


Customer interface authentication

User name and token (provided by resource tokens) are used for Customer interface client authentication. Credentials are BASE64 encoded. HTTP header will look like the example below.

Before BASE64 encoding:

GET / HTTP/1.1
Host: project.carecloud.cz
Authorization: Basic <user name>:69dfa909171f15783d92877d86d114f8c49a50a8e15bdf4c280ba46cdb3a3d49c1288218

After BASE64 encoding:

GET / HTTP/1.1
Host: project.carecloud.cz
Authorization: Basic Zm9vOmJhcg==