Access as Anonymous User

You can use these two methods to execute the REST API as anonymous user.

Execution with Basic Authentication

You use Basic authentication every time you access the application as anonymous user.

Basic authentication is processed by specifying AppID as a username and an arbitrary value as a password. Specifically, a request is sent with the Authorization: Basic header containing a Base64-encoded string of concatenated AppID and an arbitrary value with a colon (:) in between the two values.

For example, suppose that your appID and an arbitrary value are 12345678 and 1234567890abcdef1234567890abcdef, respectively. You will concatenate these values as 12345678:1234567890abcdef1234567890abcdef and then Base64-encode it to get the value MTIzNDU2Nzg6MTIzNDU2Nzg5MGFiY2RlZjEyMzQ1Njc4OTBhYmNkZWY=. You will embed this value in the Authorization: Basic header.

Execution with an Anonymous User Token

You get an anonymous user token and embed it to the HTTP header Authorization: Bearer in subsequent processes.

See the below example to get an anonymous user token.

curl -v -X POST \
  -H "Authorization: Basic {BASE64_ENCODED_APPID_AND_APPKEY}" \
  -H "Content-Type: application/json" \
  "https://api.kii.com/api/apps/{APP_ID}/oauth2/token" \
  -d '{
        "grant_type": "client_credentials",
        "client_id": "{APP_ID}",
        "client_secret": "{APP_KEY}",
        "expiresAt": {EXPIRED_TIME}
      }'

You get an anonymous token with Basic Authentication. Replace {BASE64_ENCODED_APPID_AND_APPKEY} with a Base64-encoded string of concatenated AppID and an arbitrary with a colon (:) in between the two values.

Replace {APP_ID} and {APP_KEY} with your application's AppID and an arbitrary value, respectively. Additionally, you can set the expiration time in UNIX time (msec) in UTC by the expiresAt parameter. An anonymous user token will not expire if an expiration time is not set.

Kii Cloud responds as below when it receives a valid AppID. "access_token" in the response is an anonymous user token. "expires_in" is a lifetime in seconds of the anonymous access token.

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/json
Transfer-Encoding: chunked
Date: Mon, 14 May 2012 17:36:41 GMT

{
  "id" : "ANONYMOUS",
  "access_token" : "n44aWtuguvJ9bvwDydXR3sDCSMOBb4ApSSD_Ls8",
  "expires_in" : 2147483646,
  "token_type" : "bearer"
}