Authentication

The HopDrive API uses short lived authentication tokens to authenticate each request. An authentication token may be retrieved by posting a valid client_id and client_secret to the /authorize endpoint.

Your combined secrets carry many privileges, so be sure to keep them secure! Do not share your secrets in publicly accessible areas such as GitHub, client-side code, and so forth.

Fetching a token

POST /v1/authorize
{
    "client_id": "your_client_id",
    "client_secret": "your_client_secret"
}

Curl Example
curl --request POST \
  --url https://api.hopdrive.com/v1/authorize \
  --header 'Content-Type: application/json' \
  --data '{
    "client_id": "JQLEnzKzcyj34i0gB7Gn3yPEa3MgK6Ej",
    "client_secret": "UU7Id9YbnpYo2RkDJgvpF76EPkF8gGpwBPI6yHTZMeh471NM4WlJg_Hwiq6VLT1n"
}'

Handling token expiration

After recieving an authentication token, the client should cache the received token, monitor the expiration of the token, and then retrieve a new one when that token expires.

Securing data transmission

All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail. See error handling for more information.

Fetching a token​

Handling token expiration​

Securing data transmission​

Fetching a token

Handling token expiration

Securing data transmission