Authentication Guide

The following is a detailed guide to the API login procedure. The authentication method for logging in to a Web application and a desktop application differ slightly so high level guides are also documented.

All calls to the CIX API require a digital signature authorising access before any data will be returned. We use the OAuth protocol to provide this security layer, developers use this format in their applications to make successful requests to the CIX REST APIs.

You must create an Application in the developer site to get your Consumer Key and Secret.

When external developers create an application on the CIX API, the CIX server creates a Consumer Key and a Consumer Secret. The digital signature is constructed by combining these two parameters with the OAuth Signature Method, Nonce, Timestamp, Token, and Token Secret parameters.

To reach a specific resource on a CIX REST API, an external application developer must also specify a Request URL. The RequestURL is a concatenation of [Target Server] + ”/” + [Resource URL].

CIX OAuth standards validate the credentials of an external application developer by means of the digital signature. If the external application signs the request, and the CIX server validates the digital signature, the developer is granted access to the requested resource.

The easiest way to see this process in an action is to follow these instructions for a 3rd party test client.

http://api.cixonline.com/v1.0/cix.svc/getrequesttoken

http://api.cixonline.com/v1.0/cix.svc/getaccesstoken

The following are the OAuth parameters required for each REST request.

For desktop applications:-

http://forums.cixonline.com/secure/authapp.aspx?oauth_token={required}&oauth_callback={optional}

For web applications:-

http://forums.cixonline.com/auth.aspx?oauth_token={required}&oauth_callback={required}

More information on OAuth can be found at OAuth.net

There code page provides examples and code for a variety of different languages Code examples.