The CoSync REST API provides interfaces for a client device to access the CoSync REST service, which is at, when using the SANDBOX of the COSYNC AUTH authentication system.

The primary purpose of the CoSync REST API service is to provide a client side application with functions to access the COSYNC AUTH authentication service.

Headers #

Request Headers #

Unless specified otherwise, requests must have the following headers:

        app-token: "<App Token>"
        access-token: "<Access Token>"

The app-token request is done if the user is not logged in. The access-token request is done if the user is logged in.

The app-token is retrieved from the CoSync Portal in the application detail under by the developer in the Keys section of the specific app. The app-token is only known by the developer and is associated with the application. The CoSync Auth service uses this app-token to verify developer identity to authorize access to the application.

The access-token is returned to the client when a user is authenticated by the CoSync REST API for the CoSync Auth authentication service, it is returned alongside the JWT token for the user logging in. The access-token is associated with a particular user of the application, this is different from the app-token that is associated with a developer.