Retrieve authentication credentials for resources to be used with Booking.js widget v1
Resource auth is deprecated
App based authentication is the preferred and recommended method to interact with Timekit.
Resource based authentication is only relevant for customers using version 1 of our Booking.js widget. If that is the case, please consider upgrading to version 2 that works in tandem with the Projects model.
Retrieve personal authentication credentials for resources.
Search
Searchable attributes:
- resource.id
When you have the ID of a resource, you can use this endpoint to find that resource's credentials with this query:
curl --request GET \
--url https://api.timekit.io/v2/credentials?search=resource.id:2939c4fa-f06f-4496-8a20-03f57afcdfe6 \
--header 'Content-Type: application/json' \
--user :live_api_key_7nzvc7wsBQQISLeFSVhROys9V1bUJ1z7
This will return the credentials for that specific resource only. When using Booking.js, you should only use credentials of the type client-token
. Credentials of the client-token
type are safe to use on the frontend and only has access to a limited number of endpoints.
Frontend safe credentials
When using credentials on the frontend, ONLY use credentials with the type
client-token
. These tokens are safe to use on the frontend.
Alternatively, when you are querying the /resources
endpoint, you can include the user's credentials, using dynamic includes:
curl --request GET \
--url https://api.timekit.io/v2/resources/2939c4fa-f06f-4496-8a20-03f57afcdfe6?include=credentials \
--header 'Content-Type: application/json' \
--user :live_api_key_7nzvc7wsBQQISLeFSVhROys9V1bUJ1z7
This will return both the resource and the credentials belonging to it.
What about server-tokens?
Resource credentials of the type
server-token
are present in Timekit for historical reasons. They are still here to ensure backwards compatability for users that have built their Timekit integrations using these. However, we strongly encourage new Timekit users to use our app API-Key based authentication.