Rupture Platform Wiki

 

Authentication Overview

Page history last edited by Nick Gerakines 2 mos ago


 

To access the Rupture Platform API, applications need to be verified and approved. This verification process yields a public and private key that are used by the application when accessing API resources on behalf of a user.

 

Session Tokens

 

A session token is used to assert that a user has granted an application permission to interact with the Rupture Platform on their behalf. The session token represents three things:

 

  • An Application
  • A User
  • A Permission Level

 

Permissions are divided into three logical groups: Read, Write and Delete. Each permission level inherits the levels listed before it. In other words, an application with delete permissions also has read and write permissions.

 

Request Identification

 

Each request made to the Rupture Platform API has four components.

 

  1. Application Identifier token
  2. Request Signature
  3. Request Identifier
  4. Request Session token

 

In all cases, these four elements are sent as HTTP/1.1 headers when the request is issued. Those headers are:

 

  1. X-Rupture-Application
  2. X-Rupture-Signature
  3. X-Rupture-Request
  4. X-Rupture-Session

 

It is important to note that not all requests require a session token. Please refer to the API documentation for requests that meet that description.

 

Request Identifiers

 

Each request must include a unique incrementing integer. This identifier can be an unsigned integer and is associated with a given session.

 

Request Signatures

 

Request signatures are created using the following process.

 

    Raw = Request Body + Request ID + Secret
    Signature = hex(md5(Raw))
