“REST” stands for Representational State Transfer. It’s an architectural style that’s an alternative to SOAP-based web services.

the StoryChief API has what we call “resources” like “stories” or “users”. You take action on resources using the standard HTTP methods: POST, GET, PATCH, and DELETE.

About the StoryChief API

The base URL for the API is: https://api.storychief.io/1.0/
All responses are JSON
Authentication is done by bearer-token.

Example headers

Accept: application/json
Authorization: Bearer xxxx.....
Content-Type: application/json

Access and Authentication

Option 1: access using API key

  1. In your StoryChief account, navigate to Account -> API
  2. Under "Your API keys" click + New token.
  3. Input a name for future reference.

After creation, an access_token will be provided to perform API calls

Option 2: access using Oauth

For developers integrating platforms that require access to other StoryChief users' accounts, we recommend using OAuth2 for authorization. OAuth2 is a secure option that allows third-party applications to access a server without passing user credentials or API keys. Note that we recommend using HTTPS for your redirect_uri. We don't expire tokens.

Register Your Application

Start by registering your app in StoryChief:

  1. In your StoryChief account, navigate to Account -> API
  2. Under the “Developing an App?” heading, click Register and Manage Your Apps.
  3. Click + New App.
  4. Input your app's information and click Create.

After creation, you’ll receive the Client ID and Client Secret. Do not share the Client ID and Client Secret.

Endpoints

OAuth2 exposes three specific endpoints.

Flow

  1. To start your application’s connection to StoryChief, start by sending the user to the authorize_uri.
  2. The user will input their username and password to approve your application. “Remember Me” cookies aren’t permitted here.
  3. After the user authorizes your application, our server will redirect your user back to the redirect_uri, along with a code you can exchange for an access_token. The code is valid for 30 seconds.
  4. Your application should then make an out-of-band request to the access_token_uri using the code our server provided.
  5. Our server returns an access_token, which completes the official OAuth2 flow.

Available resources

Did this answer your question?