How to use the Cosync REST API Service

The Cosync REST API provides interfaces for a client device to access the Cosync REST service, which is at

The primary purpose of the Cosync REST API service is to provide a client side application with functions to access the CosyncJWT authentication service.


Request Headers

Unless specified otherwise, requests must have the following headers:

        app-token: "<App Token>"
        access-token: "<Access Token>"

The app-token request is done if the user is not logged in. The access-token request is done if the user is logged in.

The app-token is retrieved from the Cosync Portal in the application detail under by the developer in the Keys section of the specific app. The app-token is only known by the developer and is associated with the application. The CosyncJWT service uses this app-token to verify developer identity to authorize access to the application.

The access-token is returned to the client when a user is authenticated by the Cosync REST API for the CosyncJWT authentication service, it is returned alongside the JWT token for the user logging in. The access-token is associated with a particular user of the application, this is different from the app-token that is associated with a developer.