Resource based auth

Authenticate a user by means of email and password.
Only use this endpoint for browser-based integrations, where you want to personally sign the user in.

❗️

Resource auth is deprecated

App based authentication is the preferred and recommended method to interact with Timekit.

Resource based authentication is only relevant for customers using version 1 of our Booking.js widget. If that is the case, please consider upgrading to version 2 that works in tandem with the Projects model.

Use this endpoint at the beginning of your user's session when interacting with Timekit and store the returned api_token in the users session. The API is sessionless so you need to provide the api_token with each subsequent API request as the password part of basic http authentication.

In order for personal authentication to work, you must also supply the "Timekit-App" header, with the value set to the slug of the app the user is requesting through.

So a valid personally authenticated request, using the above api_token, would look like this

curl --request POST \
    --url https://api.timekit.io/v2/findtime \
    --header 'Content-Type: application/json' \
    --header 'Timekit-App: back-to-the-future' \
    --user [email protected]:nvHfRSlhvsnlg4rS7Wt28Ty47qdgegwSu3YK7hPW \
    --data '{
        "resource_ids": [
            "78a4d873-2a68-41c6-bdd4-c0ca5b35efd3"
        ],					 
            "future": "2 days",
            "length": "4 hours"
        }'
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("POST", "https://api.timekit.io/v2/findtime");
xmlhttp.setRequestHeader("Content-Type", "application/json");
xmlhttp.setRequestHeader("Timekit-App", "back-to-the-future");
xmlhttp.setRequestHeader("Authorization", "Basic " + btoa("[email protected]:nvHfRSlhvsnlg4rS7Wt28Ty47qdgegwSu3YK7hPW"));
xmlhttp.send('{"resource_ids": ["78a4d873-2a68-41c6-bdd4-c0ca5b35efd3"],"future": "2 days","length": "4 hours"}');
//see: https://github.com/timekit-io/js-sdk
timekit.configure({
  app: 'back-to-the-future',
  resourceEmail: '[email protected]',
  resourceKey: 'nvHfRSlhvsnlg4rS7Wt28Ty47qdgegwSu3YK7hPW'
})

Authenticated personally also means that you will have to omit the resource_id parameter otherwise required where relevant. This parameter is to specify which resource should be booked etc, being personally authenticated makes this value redundant and so it should be omitted.

🚧

This endpoint is meant for browser-based integrations only.

You should not use this endpoint for server-to-server integrations, because that would mean that you're storing your users passwords, most likely in clear text which you should absolutely not do!
Only use this endpoint when the passwords comes directly from your user!

Language
Click Try It! to start a request and see the response here!