Authorization Keys on Petitions

[Mat Bourne]

Hi all,

I've managed to work with most of the API resources and responses etc. However, I've now come to look at the 'Authorization Keys on Petitions' and don't really understand what it's for...

Can anyone shed some light on what the Authorization Keys on Petitions is, what it is used for and how it would be used?

Also, what is the 'Authentication' used for? Or is this part and parcel for the 'Authorization Keys on Petitions'?

Thanks in advance!

[Eric Lukoff]

Hi Mat,

If you want to change or update a resource such as a petition, you'll need to submit a 'request signature' as an additional parameter rsig, generated using a resource authorization key. The idea here is that to do things beyond retrieving information, you should be authorized to do so (and the owner of the resource has the ability to change your access). rsigs are also always generated using an API user's secret token so we know it was actually the original API user who submitted the request.

For the POST /petitions/:petition_id/signatures request, the rsig parameter requires a petition authorization key. More information here (under Request Signature) on how to build a proper rsig for adding signatures to a petition.

So, the "Authorization Keys on Petitions" request is for requesting a key on a specific petition. By default, you will be granted a key so you can immediately start adding new signatures to a petition.

Hopefully that sheds some light onto this. Let me know if you still have questions.

Eric

[Eric Lukoff]

Yes, that's correct. There is no automatic expiration of auth keys.

Eric