API Mobile Authentication

Introduction

The CrowdTwist platform features a robust suite of APIs that allow clients and members to directly interact with the system. This documentation details the integration steps in interacting with CrowdTwist APIs as a mobile end user versus the typical server APIs. The main topics to be covered are:

• Mobile Authentication (Details the process to obtain a user token and make subsequent API requests)
• API Restrictions (Details the endpoints and data available to an end-user who is authenticated via a user token)

Mobile Authentication

The CrowdTwist end-user mobile authentication process involves an alternate HMAC-enabled authentication endpoint that returns a user session-token and key that must be included in all subsequent API calls. This token is set to expire every 6 months. Prior to authenticating, a user must be created via the User Create API to obtain the username or email needed within the authentication request. API requests made to these endpoints must be HMAC signed using the HMAC user private key from the client’s API configuration. Please refer to the companion page HMAC Authentication for additional in-depth examples and details on how to form an HMAC signed request.