Authentication

Access Tokens

To use Fluctuo Bridge, you'll need an access token. Fluctuo Bridge uses access tokens to associate requests to API resources with your account. You can find all your access tokens, create new ones, or delete existing ones on your account page.

Scopes

Access tokens can have differents scopes. Each APIs require a specific scope. A scope can be for public or private access token.
An access tokens with private scopes are very sensitive. They can retreive private data and or create, update or delete datas. Access tokens with private scopes should never be accessible by your users. They must not be included into front or mobile applications.

Use access tokens

To authorize GraphQL request, you must set access_token query string with one of yours.


    curl --request POST \
      --url https://flow-api.fluctuo.com/v1?access_token=MY_ACCESS_TOKEN \
      --header 'content-type: application/json' \
      --data '{"query":"query ($lat: Float!, $lng: Float!) {\n  vehicles(lat: $lat, lng: $lng) {\n\t\tid\n  }\n}","variables":{"lat":48.856614,"lng":2.352222}}'
  

On sandbox

When you're using the sandbox, you can pass an JSON object with wanted scope as an access token. Be careful to encode the object correctly.
The access token must contain an id (used for caching), and an array of scopes.


    jq -rn '{"id": '$(date +%s)', "scopes":["areas:read","providers:read","vehicles:read"]}|@uri'