The Lyft API uses OAuth2 over SSL for authentication and authorization. Users may find this straightforward if they have worked with OAuth2 before.
1- The OPTT's API uses API KEYS to authenticate requests.
The API KEYS carry many privileges, be sure to keep them secure! And not share the secret API KEYS in publicly accessible areas such as GitHub, client-side code, and so forth.
- All API requests must be made over HTTPS. Calls made over plain HTTP will fail. API requests without authentication will also fail.
2- After receiving the token, it should be used in the header of all APIs call:
Authorization: Tokens need to get entered in the "Authorization" section after the "bearer"; as shown in the screenshot.
offset: "offset" section needs to get filled with the number of minutes away from the UTC, meaning that you have to get the user's browser time, calculate the difference with the UTC and fill in the number in this field.
Updated about 1 year ago