You will first need a user with appropriate permissions to access any of the endpoints. The API relies on a user/pass/token to be sent before any API requests can be made to any of the endpoints. It is recommended that the first call made, is the user/pass/token and then the token be stored locally. The token can later be sent along with each payload to determine a user's permissions.

To start, setup a new user in the Ellington Authentication and Authorization app. This user will need to be a staff member to have access to the API. As mentioned in the introduction, the API relies on the Permissions system in Ellington to determine what a user can and can't access via the API. For instance, if you want the user to be able to access news.story endpoints, then they will need permissions applied to their account for the News/Story model (can add, can edit, can delete, etc).

Next, navigate to the Ellington Auth Token app and add a new token. Select the user you wish to setup a token for and press save.

This will generate the key for you that you can utilize in your API calls

Depending on the language chosen, these instructions may vary. For the purpose of this documentation we are going to stick to command line CURL requests, adapt as you see fit for your desired language.

To get your auth token and store it via the API, you will need to make a POST request with the username and password you have setup. Below is an example of what this POST request should look like:

This should return you a 200 response with a token in JSON format like the example below:

Store this token for future use. You now have everything necessary to make more endpoint requests to the Ellington CMS.