DataWitness API 1.1 (Beta)


API authentication happens in a couple of different ways and at numerous times throughout the process of accessing an account. There is API authentication, user authentication, application authorization and access authentication. Below are some snippets showing different types and methods of doing this authentication.

User Authorizes Application

Here is a sample function written in PHP which constructs a page with a link carrying a callback URL. Clicking the link lets the user authenticate themselves and authorize the application when they have not previously done so:

Please note, this is not production code, and is meant only as an example process.

    function showIntroPage($next) {
        // URL-encode the callback so it survives as a single query parameter
        $next_url = urlencode($next);

        // Login URL ending in your developer key, followed by the callback
        $redirect_url = ''.DEVELOPER_KEY;
        $redirect_url .= '&next='. $next_url;

        // Build a minimal page whose link opens the login window
        $a = '<html><head>';
        $a .= '<script type="text/javascript" src="/default.js"></script>';
        $a .= '</head>';
        $a .= '<body><center>';
        $a .= '<table style="width:50%;">';
        $a .= '<tr>';
        $a .= '<th colspan="2" style="text-align:center;">'.APPNAME.' API</th>';
        $a .= '</tr>';
        $a .= '<tr><td>Before you get started, please ';
        $a .= '<a href="javascript:openwin(\''.$redirect_url.'\',\'Login\',425,500);">';
        $a .= 'sign in</a> ';
        $a .= 'to authorize this application.</td></tr>';
        $a .= '</table>';
        $a .= '</center></body></html>';
        return $a;
    }

You would then add this to your pages and call the function something like this:

    if (empty($_SESSION['authId'])) {
        echo showIntroPage('https://YOURSITE.COM/URL/PAGE');
        exit;
    }

In short, it sends the user to a page with a link to the Datawitness API login page. There the user is presented with a form for their username and password, and is then prompted to authorize the application.

A fully constructed URL would look like this: \ f8441b7dw68fd8&next=http://YOURSITE.COM/URL/PAGE

Once the user completes this process, they are redirected to your callback URL, which contains 1 argument, GET['authId']:

    if (isset($_GET['authId'])) {
        // Keep the authId in the session for subsequent API calls
        $_SESSION['authId'] = $_GET['authId'];
        // do your cool stuff here :-)
    }

PLEASE NOTE: The authId is the password which you associate with the user for all subsequent API calls. That is, it becomes the password for that user which is associated with your application. It is to be guarded like any password belonging to any user of a system.
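
Because the authId arrives in the query string of the callback, a handler that treats it as a password could look like the following. This is an added example, not Datawitness code; the CALLBACK_PATH constant, the readAuthId() helper and the accepted authId format are assumptions.

```php
<?php
// Added example: callback handler that treats the authId as a password.
// Assumptions (not from the Datawitness documentation): the authId is a
// printable ASCII token of at most 256 characters, and CALLBACK_PATH is
// the path of this page without a query string.
const CALLBACK_PATH = '/URL/PAGE'; // hypothetical; matches the "next" URL

// Keep the session cookie off plain HTTP and away from page scripts.
// The array form needs PHP 7.3 or later.
session_set_cookie_params([
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax', // still sent on the top-level GET back from login
]);
session_start();

/**
 * Hypothetical helper: returns the authId when the callback value is a
 * single well-formed string, otherwise null.
 */
function readAuthId(array $query): ?string
{
    $value = $query['authId'] ?? null;
    // ?authId[]=x arrives as an array; reject anything that is not a string.
    if (!is_string($value) || !preg_match('/\A[\x21-\x7E]{1,256}\z/', $value)) {
        return null;
    }
    return $value;
}

$authId = readAuthId($_GET);
if ($authId !== null) {
    // Issue a new session id once a credential is attached, so a session id
    // planted before login cannot be reused (session fixation).
    session_regenerate_id(true);
    $_SESSION['authId'] = $authId;

    // Reload without the query string so the authId does not stay in the
    // address bar, browser history, or Referer headers of later requests.
    header('Location: ' . CALLBACK_PATH, true, 303);
    exit;
}
```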