This document detail how authentication works within the Passmarked API. The service itself is open to everyone with users only having to log in to run a bigger number of tests and a crawl of an entire website.
To authenticate with the API, a token is used. These tokens never expire and have a limited scope.
The easiest way to see the profile of the current token is to call:
Creating a Token
To create a token all apps can head over to Grant where the user will be presented with a UI that can be used to create a token and then copied for use.
Every token is allowed the following actions:
|Get the current profile (user/team/website).|
|Get the balance of available credits for the user/team.|
|Create a report by starting a crawl on a given page using the credits from the user/team account.|
|View report results.|
|Poll the progress of the report.|
|List issues found by the web crawler at any stage of a report.|
|List the occurrences of a particular issue on a report.|
Token on all requests
Not all requests require a token, which is by design. But for tracking purposes to help the team debug any issues, include the token if available. It won't change any requests/responses - it just helps the team paint a better picture.
Due to the limited nature of tokens, they will never expire. The idea is to keep it as simple as possible to make integrations easy.