Mobile/Client Application: Request and Authentication Guide for Borrowing Books

Summary

This guide documents the types of requests that the Palace App's mobile applications send to the Content Manager (CM) when trying to borrow a book. It includes details on how barcode and password/PIN information are used to authenticate users. This documentation will be useful for external integration teams looking to build integrations into our systems.

Authentication Types

The Palace App uses two primary forms of authentication: Basic and the newly introduced Token Authentication.

Basic Authentication

In Basic Authentication, the barcode and PIN/password are combined into a single string separated by a colon. This string is then Base64 encoded and sent as part of the HTTP header to authenticate the user.

Steps to Generate the Basic Authentication Header:

  1. Concatenate the Barcode and PIN: The barcode and PIN are concatenated with a colon in between. For example, if the barcode is 123456 and the PIN is 7890, the concatenated string would be 123456:7890.
  2. Base64 Encode the Concatenated String: The concatenated string is then Base64 encoded. Using the example above, the string 123456:7890 would be Base64 encoded to MTIzNDU2Ojc4OTA=.
  3. Add to HTTP Header: The Base64 encoded string is then added to the HTTP Authorization header prefixed with the word Basic followed by a space. So, the final header would look like:
Authorization: Basic MTIzNDU2Ojc4OTA=
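
The three steps above as a runnable sketch. This is an added example, not code from the Palace App or the CM. The function names build_basic_header, parse_basic_header and redact are hypothetical, UTF-8 encoding of the credentials is an assumption, and the colon check follows RFC 7617, where the first colon separates the two fields on decode.

```python
import base64
import binascii


def build_basic_header(barcode: str, pin: str) -> str:
    """Return the Authorization header value for a barcode/PIN pair."""
    # The first colon separates the two fields when the header is decoded,
    # so a colon in the barcode would shift part of it into the PIN.
    if ":" in barcode:
        raise ValueError("barcode must not contain ':'")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in barcode + pin):
        raise ValueError("control characters are not allowed")
    raw = f"{barcode}:{pin}".encode("utf-8")  # assumption: UTF-8 credentials
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_header(value: str) -> tuple[str, str]:
    """Decode a Basic header value back into (barcode, pin)."""
    scheme, _, token = value.partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic Authorization header")
    try:
        decoded = base64.b64decode(token, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    # Split on the first colon only: a PIN/password may itself contain ':'.
    barcode, sep, pin = decoded.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return barcode, pin


def redact(value: str) -> str:
    """Form of the header value that is safe to write to logs."""
    return value.split(" ", 1)[0] + " <redacted>"


if __name__ == "__main__":
    header = build_basic_header("123456", "7890")  # example values from step 1
    print("Authorization:", header)
    print(parse_basic_header(header))
    print(parse_basic_header(build_basic_header("123456", "78:90")))
    print("log line:", redact(header))
```

parse_basic_header recovers the barcode and PIN with no key, which is why the header value must only travel over HTTPS and should be redacted before it reaches request logs.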

Example

Borrow

Header:

Accept-Language: ""
Authorization: Basic MTIzNDU2Ojc4OTA=

Endpoint:

GET <https://gorgon.staging.palaceproject.io/lyrasis-reads/works/URI/urn:uuid:ce3311a0-be66-4067-a737-d8f0362eddc2/borrow>

Download

Header: