dud3 · August 29, 2015 14:03
diff --git a/API Documentation b/API Documentation
 # Description
 This documentation includes simple and more advanced usage of Mymxlog API.

 ## Table of content
 * OAuth
 * 

 ## OAuth
 OAuth2 is a protocol that lets external apps request authorization to private details in a user’s GitHub account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time.

 All applications need to register their application before getting started. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared.

 ## Password Flow
 First test ride of the token request(only a test, not access to other routes):

 ``` client_id: 45xgmbg743 ```
 ``` client_secret: S7Ixy91sqexn5BPXgSWX47AN80ZNVYD8 ```
 ``` grant_type: password ```
 ``` username: [email protected] ```
 ``` password: 123123123 ```
 ``` state: 123456789 (to be changed later on ...) ```

 Full URL:
 ```
 dev2.mymxlog.com/oauth/access_token?grant_type=password&client_id=45xgmbg743&client_secret=S7Ixy91sqexn5BPXgSWX47AN80ZNVYD8&[email protected]&password=123123123&state=123456789
 ```

 This way you'll be provided by(in my case):
 ```
 {
    "access_token": "S5c4aobHcUbJd26ymAfyJbS74jxGm7S1QNRUyKgs",
    "token_type": "bearer",
    "expires": 1405969273,
    "expires_in": 604800,
    "refresh_token": "0cJoSg5QOR07kEFU7B2x7P0REyIiYyP9Vd0vaO9E"
 }
 ```

 Make a call to the API routes like(E.x.): 
 ``` 
 dev2.mymxlog.com/api/v1/img/u/2000?s=200&access_token=S5c4aobHcUbJd26ymAfyJbS74jxGm7S1QNRUyKgs
 ```

 ## Description
 I guess this type of grant is enough for our phone_app.
 The Full URL above is used only once while authenticating the Client(e.x.: the phone app).
 After a successful authorization you will be granted by a Token(the one above).
 Once you get the token pass it to every as a parameter to the query: 
 ```
 dev2.mymxlog.com/api/v1/exampleRoute?access_token=S5c4aobHcUbJd26ymAfyJbS74jxGm7S1QNRUyKgs
 ```

 Sample respond(in my case):
 [ A simple image resizer on fly. ]
 ```
 {
    "img": "http://dev2.mymxlog.com/packages/spescina/imgproxy/200/200/1/90/avatars/[email protected]/790gxtBw.png",
    "usr_info": {
        "first_name": "Demo",
        "last_name": "Demo",
        "email": "[email protected]"
    }
 }
 ```

 Next step will be to integrate other routes with OAuth also.

 ## Components
 URL: I guess everyone knows this.
 grant_type: Type of grant requires in this case 'password'
 client_id: This is be the phone_app
 client_secret: The secret key for the phone_app
 username: The user issuing the Token
 password: The user pwd
 state: A unique value used by your application in order to prevent cross-site request forgery (CSRF) attacts
	# Description
	This documentation includes simple and more advanced usage of Mymxlog API.

	## Table of content
	* OAuth
	*

	## OAuth
	OAuth2 is a protocol that lets external apps request authorization to private details in a user’s GitHub account without getting their password. This is preferred over Basic Authentication because tokens can be limited to specific types of data, and can be revoked by users at any time.

	All applications need to register their application before getting started. A registered OAuth application is assigned a unique Client ID and Client Secret. The Client Secret should not be shared.

	## Password Flow
	First test ride of the token request(only a test, not access to other routes):

	``` client_id: 45xgmbg743 ```
	``` client_secret: S7Ixy91sqexn5BPXgSWX47AN80ZNVYD8 ```
	``` grant_type: password ```
	``` username: [email protected] ```
	``` password: 123123123 ```
	``` state: 123456789 (to be changed later on ...) ```

	Full URL:
	```
	dev2.mymxlog.com/oauth/access_token?grant_type=password&client_id=45xgmbg743&client_secret=S7Ixy91sqexn5BPXgSWX47AN80ZNVYD8&[email protected]&password=123123123&state=123456789
	```

	This way you'll be provided by(in my case):
	```
	{
	"access_token": "S5c4aobHcUbJd26ymAfyJbS74jxGm7S1QNRUyKgs",
	"token_type": "bearer",
	"expires": 1405969273,
	"expires_in": 604800,
	"refresh_token": "0cJoSg5QOR07kEFU7B2x7P0REyIiYyP9Vd0vaO9E"
	}
	```

	Make a call to the API routes like(E.x.):
	```
	dev2.mymxlog.com/api/v1/img/u/2000?s=200&access_token=S5c4aobHcUbJd26ymAfyJbS74jxGm7S1QNRUyKgs
	```

	## Description
	I guess this type of grant is enough for our phone_app.
	The Full URL above is used only once while authenticating the Client(e.x.: the phone app).
	After a successful authorization you will be granted by a Token(the one above).
	Once you get the token pass it to every as a parameter to the query:
	```
	dev2.mymxlog.com/api/v1/exampleRoute?access_token=S5c4aobHcUbJd26ymAfyJbS74jxGm7S1QNRUyKgs
	```

	Sample respond(in my case):
	[ A simple image resizer on fly. ]
	```
	{
	"img": "http://dev2.mymxlog.com/packages/spescina/imgproxy/200/200/1/90/avatars/[email protected]/790gxtBw.png",
	"usr_info": {
	"first_name": "Demo",
	"last_name": "Demo",
	"email": "[email protected]"
	}
	}
	```

	Next step will be to integrate other routes with OAuth also.

	## Components
	URL: I guess everyone knows this.
	grant_type: Type of grant requires in this case 'password'
	client_id: This is be the phone_app
	client_secret: The secret key for the phone_app
	username: The user issuing the Token
	password: The user pwd
	state: A unique value used by your application in order to prevent cross-site request forgery (CSRF) attacts