All requests are authenticated with a session token. This token can be passed as the session_id cookie or in the Authorization header:
Authorization: Bearer ABCDEFghijkl123
The session token identifies a user. A user can be attributted roles on groups allowing him to perform some operations (read and/or write).
When a user attempts an operation (sends a request to an endpoint), a 200 return code signals that the operation was performed successfully. A 401 return code signals that the authentication is missing or invalid. A 403 return code signals that the user doesn't have permission to perform the requested operation.
Get a session token
POST /api/v2/auth/login HTTP/1.1
HTTP/1.0 200 OK
The session token is returned both in the Set-cookie header and in the response body. Both value are the same, the first is automatically picked up by the browser as part of the cookie mechanism, the latter can be used by third party clients.
Groups serve as the core element of data organization. It usually represent a public transport network. Users are given role based access on groups.
Groups are represented as JSON objects which have the following keys:
|group_id||string||yes||yes||Group unique identifier, also serves as namespace|
|name||string||no||no||Display name of the group|
|current_file||string||no||no||Id of the gtfs file currently published|
|tz_delta||int||yes||yes||Current delta in seconds between the published gtfs timezone and UTC|