The Voice of O365 has an API to make changes to your account. The API gives access to various parts of our portal and backend systems.
Access
The API uses a JWT token to update data. By sending a request to the token service with a username/password a JWT token is returned to update the system.
Example request to get a token from your API:
POST /user_token {"auth": {"email": "foo@bar.com", "password": "secret"}}
Example response from the API:
201 Created
{"jwt": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9"}
To make an authenticated request to your API, you need to pass the token via the request header:
Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9
GET /my_resources
Knock responds with a 404 Not Found
when the user cannot be found or the password is invalid. This is a security best practice to avoid giving away information about the existence or not of a particular user.
NB: HTTPS should always be enabled when sending a password or token in your request.