Clipper authorisation mechanismπŸ”—

In order to access the clipper API, the client must use a token, which is a random string generated by the application.

There are two ways for applications to obtain this token:

Get it from the userπŸ”—

The user can copy the token in the Clipper configuration page and provide it directly to the application. This is the simplest method.

Request it programmaticallyπŸ”—

The token can also be requested programmatically, as is done for the web clipper extension. It works as below:

  • The client calls POST /auth. The server responds with { auth_token: "AUTH_TOKEN" }. This auth_token is different from the regular token - it is just used to authenticate the client.

  • The application displays a message asking the user to Accept or Reject the access request.

  • The clients calls GET /auth/check?auth_token=AUTH_TOKEN at regular intervals. Initially the server responds with { status: "waiting" }, since we are waiting for the user to confirm or reject.

  • Once the user accepts the request in the application, the server returns { status: "accepted", token: "API_TOKEN" }.

  • The client can now use this API_TOKEN to make requests.

  • If the users rejects the request, the server returns { status: "rejected" }, and the client can display an error message.