Skip to content

Authorization

Jump to bottom
alxspiker edited this page Feb 24, 2024 · 2 revisions

Access Token (Bearer Token)

API calls requiring Pioneer-specific data use Access Tokens obtained via the Pi App Platform SDK's Pi.Authenticate function. Include the token in the Authorization header:

Authorization: Bearer <Pioneer's access token>

Example Code (Python):

const headers = { headers: { authorization: "Bearer " + { PioneerAccessToken } }};
axios.get("https://api.minepi.com/v2/me", headers);

Obtaining an Access Token

The Pi.Authenticate function of the Pi SDK provides an AuthResults object:

AuthResults{
    accessToken: string,
    user: {
    uid: string 
    }
}

Security Note: Use the accessToken from the frontend only for verification with the /me API endpoint. Do not store it long-term for identifying the Pioneer, as it is dynamic.

Verifying the Access Token

  1. Pass to Backend: Send the accessToken from your frontend to your server.

  2. Call /me Endpoint: Make a request to the Pi API's /me endpoint using the following header format:

    Authorization: Bearer <Pioneer's access token>

    Example (Python with Axios):

    const PioneerAccessToken = accessToken_Obtained_from_App_Frontend;
const header = { headers: { authorization: "Bearer " + PioneerAccessToken }};
axios.get("https://api.minepi.com/v2/me", header);

  3. Handle Response:

    • Success (200): The /me endpoint returns a UserDTO object containing the verified uid:

      Object{
  user: {
    uid: string, 
    username: string 
  }
}

    • Error (401): The Access Token is invalid.

Using the uid within your App

  • Create Unique Records: The verified uid from the /me endpoint can reliably create unique records in your app's database.
  • Personalized Experience: Use the uid to retrieve stored information like purchases or progress, enabling seamless login-free personalization.

Important: Use the verified uid from the /me endpoint, not the initial uid returned by Pi.Authenticate.

Server API Key (Authorization Key)

Certain API calls require authorization from your app's server-side for security reasons. To use a Server API Key:

  1. Obtain from the Developer Portal: Instructions for generating a Server API Key can be found in the appropriate section of the Developer Portal guide.

  2. Include in Authorization Header: Add the key to your API requests in the following format:

    Authorization: Key <Your App's Server API Key>

Example Code (Python: Payments Endpoint)

const postingURL = `https://api.minepi.com/v2/payments/${payment_id}`;
const headers = { headers: { authorization: `Key ${APIKEY}` } };
axios.get(postingURL, null, headers);

Important Notes

  • Secure Storage: Protect your Server API Key. Store it securely on your server and never expose it in client-side code.
  • Refer to Developer Portal: The Developer Portal will provide the most up-to-date instructions for API Key management and usage within specific API endpoints.

Enhancements

  • Purpose: Add a sentence or two clarifying the types of actions that typically require a Server API Key (e.g., processing payments, accessing sensitive Pioneer data).
  • Link to Developer Portal: Provide a direct link to the relevant section of the Developer Portal for easy reference.

NAVIGATION

REFERENCES

TOPICS

Terms

White Paper

Clone this wiki locally