API Security – Tutorial

  1. Register for your API key at the link below:

http://store.iradek.com/Client/Register

  1. Add new App


  1. Fill out the form with Callback URL and Application Type as below. Feel free to choose different Application Name


  1. Click on your newly created application

  1. Note your Client App ID and Client App Secret. You will be needing them to properly established security.

You've established your client account and now you’re ready to make some API calls!

Go to https://www.LPK7.com/api/help to see the full list of API calls you can make. Let’s choose one that creates new site. Its documentation is here. As you can see this is a simple HTTP POST with all parameters needed to create new Site in a query string. Each API call needs to be authorized. We’ll use the account you created earlier for that purpose. Using Client App ID (and Client App Secret when required) we will want to have SoNET API to generate us short-lived access token that is essential to include with each API request to make the request authorized. From this point, how the interaction with SoNET API is performed, depends on the client being used. There are no restrictions on the client type. Client can be in form of any software capable of making HTTP requests.  The rest of tutorial will assume we will use FireFox as a simple client making HTTP requests. In real scenario those clients can be mobile, desktop, browser or even IoT (Internet of Things) applications.

Let’s try to get that access token first.

  1. Go to https://www.LPK7.com/api/help with latest version of FireFox
  2. Click CTRL+SHIFT+Q to open Network Monitor


  1. Go ahead and click Reload button


  1. Click on any requests displayed and choose Edit and Resend


  1. Contrive the request similar to the screen below and click Send

To make is easier – you can paste below into main request line. Just remember to replace {..} with your valid Client ID from pt. 5. Don’t also forget to clear Request Headers.

https://www.LPK7.com/mvc/oauth?client_id={your.ClientID}&scope=Api.Access&redirect_uri=http%3A%2F%2F127.0.0.1&response_type=token

  1. If everything goes well – you should be seeing another request on your list made to 127.0.0.1 (localhost).

Click it and look for your access token!

It will be a long string. You may want to copy it to Notepad (just the part after “=” sign and before another “&” character in line)

Congratulations – you are ready to make your first secure API call.


  1. Let’s use the API call we’ve initially assumed in pt. 5 to create entirely new Site.

This time we can setup a call in FireFox similar to this:

Remember to change the request type to POST. To make it easier on typing – paste below into main request line:

https://www.LPK7.com/api/SiteObjects/CreateSite?siteName={siteName}&templateName={templateName}&isEntireSitePublic={isEntireSitePublic}&requiresRegistration={requiresRegistration}&adminUserName={adminUserName}&adminEmail={adminEmail}&adminPassword={adminPassword}

We took copy-pasted above line from API documentation. Replace all the {…} values to your liking, for example:


In Request Headers add the following important line:

Authorization: Bearer {your access token from pt. 11}

while replacing { .. } with your access token. This will make the call legit.

  If everything goes well – you should get the status code 200 back indicating the success.

  

  1. Go to https://www.LPK7.com/{siteName} (replace {siteName} with the name of the site you have given during API call at pt. 12) to check your creation.

Congratulations – you’ve just made your first successful API call and it’s already quite powerful! That’s just the good beginning. SoNET offers comprehensive API and security models. Refer to the following link for more help:


https://www.LPK7.com/api/help


Thank you