Requesting user API key
To request a user's API key, you can send the user to a specific URL. If they allow access, we will send you the API key for that user's account which is marked for your application.
Making the request
This part is relatively simple. Just create a URL with this structure and send it to the user. All you need to do is replace PUBLISHER, REASON, and SENDBACK with your own base64-encoded information for URL safety. You can do this in most languages or manually create the URL values using an online service such as: https://www.base64encode.org
URL Structure: hey.cafe/request/api/PUBLISHER/REASON/SENDBACK
Data you need to provide:
| Information | Description |
|---|---|
| PUBLISHER | Your application or website name. |
| REASON | A simple message that will say why the key is needed. For example: “For our native app”. |
| SENDBACK | A url to send the user to when done. We append ?key=KEY to your URL when sending them back (if already using url variables we change it according), and this will be the API key. |
Checking access and getting user data
Now that the user is back on your service, you can validate the API key sent returned in ?key=KEY by calling the following endpoint. If the key is not valid, system_api_error will have the value notvalid.
endpoint.hey.cafe/api/account_key?query=KEY
What to keep and store
The user can change all of their details on Hey.Café except for the account id. This will always be the same, and it is the value you should store for the linked account along with the API key.
Keep in mind that each time the user gets sent to the API URL, it will change the key. So update the key any time the user is sent back to you after validating it's the same user by comparing the stored user id in your system.
This key is linked to your PROVIDER and the SENDBACK value, so make sure you keep this the same each time. Otherwise, the user will see a buildup of sessions in settings for your service.