...
Writing Your Own Code
When you write your code against the API, the process will be similar. You'll have to post to the authentication endpoint to get a token and then send it down in the X-Auth-Token header for ALL requests.
If your token has aged approximately 1 hour, the server will kick out a refresh token in the X-Auth-Token-Refreshed header. Our app just sniffs for the refresh token on each request, and if it finds one, it replaces the current one and starts sending the new one.
| Tip |
|---|
A Flex Api token lasts approximately 12 hours and then expires. You should cache the token somewhere safe and sniff for a new token on every request. Replace the existing token when you see a new one. If you had a long period between requests and your token has expired, you'll get a 401 UNAUTHORIZED. You can detect that, and send a new /auth request to get a new token. |
Understanding Flex5 API
You will not be able to fully comprehend the Flex5 API only using the Swagger UI. Since the Flex5 UI uses the Flex5 API, you can use your browser's network tool to observe which APIs are being used, query parameters passed to the API, and JSON data being sent and received to and from the API.
Using Chrome as the browser, visit your Flex site and login. Now open Chrome DevTools by going to Chrome's Menu → View → Developer → Developer Tools. Open the Network tab at the top. You'll now be able to see everything accessing the Flex5 API. Return to the regular Chrome browser and continue to use the Flex5 UI to get/create what you are attempting to write code against the Flex5 API for. As you use the software, you'll begin to build up a log of network activity that will now help you understand which APIs to call and what data to pass in.