By quantimodo
Updated a year ago
QuantiModo Overview

QuantiModo will automatically aggregate life-tracking data from your users apps and devices with a single API. It can then analyze this data allowing you to provide your users with actionable insights they can use to optimize their lives.

add first rating
Followers on API
Follow this API
resourcesProvider WebsiteTerms of Service
More Details

Example Heading

Guide will go here

console.log('hello world');

OAuth Implementation Guide

Using OAuth 2.0 to Access QuantiModo APIs

Quantimodo APIs use the OAuth 2.0 protocol for authentication and authorization. To begin, obtain OAuth 2.0 client credentials from QuantiModo Developer Registration Portal. Once you have our reply with the credentials, Then your client application should request an access token from the QuantiModo Server, then extract the token from the response, and send the token to the QuantiModo API for further method calls.

Basic Steps

All applications follow a basic pattern when accessing QuantiModo API using oAuth 2.0. At a high level, you follow four steps:

1. Obtain OAuth 2.0 credentials from the QuantiModo Developer Registration Portal.

Visit the QuantiModo Developer Registration Portal to obtain OAuth 2.0 credentials such as a client ID and client secret that are known to both QuantiModo API.

2. Obtain an access token from the Authorization Server.

Before your application can access data using QuantiModo API, it must obtain an access token that grants access to the API. A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access-token request, your application sends one or more values in the scope parameter.

3. Send the access token to API.

After an application obtains an access token, it sends the token to the QuantiModo API in an HTTP authorization header.

Access tokens are valid only for the set of operations and resources described in the scope of the token request. For example, if an access token is issued for only reading data, it does not grant access to making changes to data.

4. Refresh the access token, if necessary.

Access tokens have limited lifetimes. If your application needs access to QuantiModo API beyond the lifetime of a single access token, it can make use of the refresh token. A refresh token allows your application to obtain new access tokens.

Token Expiration

You should write your code to anticipate the possibility that a granted token might no longer work. A token might stop working for one of these reasons:

  1. The user has revoked access.
  2. The token has not been used for the maximum threshold time.
  3. The user account has exceeded a certain number of token requests.

Implementation Guide

1. Register your application.

Register your client Application With QuantiModo Developer Registration Portal.

For Web-apps, make sure to give a live Redirect URL. QuantiModo will return the Access Token as a Query Parameter at the token.

For Mobile-Web apps such as Ionic/PhoneGap you can give any placeholder URL as a Redirect URL such as http://localhost/callback, as we will only make use of it as a signal that the device has received an access token.

2. Send Authorization Request.

Head over to GET Authorization Token section of the QuantiModo API.

For Web apps navigate the user to https://quantimodo-quantimodo-v1.p.mashape.com/oauth2/authorize with the required headers such as your client_id and client_secret. Set the response_type to code for allowing us to get the authorization token through another request.

You can redirect simply:

// to redirect the same webpage
window.location.href = “https://quantimodo-quantimodo-v1.p.mashape.com/oauth2/authorize?response_type=code&client_id=some_id&client_secret=our_secret”;

This will redirect the user to the login page, where user can login and when user grant’s permissions, it will redirect back to the URL your client app has provided as the Redirect URL

For Mobile Web apps: We can make use of the cordova plugin InAppBrowser to open the url. InAppBrowser let’s you open the native browser on top of your app with a seamless experience.

Add the plugin by running this command:

cordova plugin add https://git-wip-us.apache.org/repos/asf/cordova-plugin-inappbrowser.git

Once done, you can open a url simply by calling

var url = “https://quantimodo-quantimodo-v1.p.mashape.com/oauth2/authorize?response_type=code&client_id=some_id&client_secret=our_secret”;

var ref = window.open(url,’_blank’);

This will open the browser on top of your app which will ask the user to login and authorize the permission, upon user’s submission, the browser will then redirect to the redirect url your app has provided before.

3. Extract Token from the Url

Web apps can extract the authorizationtoken from the url, when they are navigated back to the URL provided as the redirecturl.

They can do it via:

var getUrlParameter = function (url, sParam) {
    var sPageURL = url.split(‘?’)[1];
    var sURLVariables = sPageURL.split(‘&’);
    for (var i = 0; i < sURLVariables.length; i++)
    var sParameterName = sURLVariables[i].split(‘=‘);
    if (sParameterName[0] == sParam) return sParameterName[1];
    return false;

var code = getUrlParameter(window.location.href.toString(),’code’);
var error = getUrlParameter(window.location.href.toString(),’error’);

Mobile web apps should listen on the loadstart event of the InAppBrowser and match the url with the redirect URL, using it as a signal that the server has responded.

To achieve that,

// extract url parameters
// returns the value of the search term or false
var getUrlParameter = function (url, sParam) {
var sPageURL = url.split(‘?’)[1];
var sURLVariables = sPageURL.split(‘&’);
for (var i = 0; i < sURLVariables.length; i++)
var sParameterName = sURLVariables[i].split(‘=‘);
if (sParameterName[0] == sParam) return sParameterName[1];
return false;

// open InAppBrowser
var ref = window.open(url,’_blank’);

// Listen on loadstar event
ref.addEventListener(‘loadstart’, function(event) {
if(event.url.indexOf(“/callback”)!== -1) {
if(!utilsService.getUrlParameter(event.url,’error’)) {
var token = getUrlParameter(event.url, ‘code’);
// Got the Authorization Token
} else {
console.log(getUrlParameter(event.url, ‘error’));

# 4. Send the Authorization Token to Receive a Request Token.

* Head over to `https://www.mashape.com/quantimodo/quantimodo#get-access-token` for the QuantiModo’s API call for generating Access Tokens. 

* Make a `GET` request to `https://quantimodo-quantimodo-v1.p.mashape.com/api/oauth2/token` with the authorization token as a query parameter and a client_id and client_secret as before. (with other optional parameters. [`See docs`](https://www.mashape.com/quantimodo/quantimodo#get-access-token)) You will receive the access Token which can be used to make any other API requests that you wish to make.

# 5. Make other API requests with the request Token attached as a Header.

You should attach `Authorization` header with a value of `Bearer sample_access_token`


var request = {
method : 'GET',
url: 'api/sample',
responseType: 'json',
headers : {
"Authorization" : "Bearer " + token.access_token,
'Content-Type': "application/json"

// do something with the response

##Refreshing the token

Once you receive the token as a repsonse from `api/oauth2/token` your application should make use of the `expires_in` value in response. This represents the time in after when the token is going to expire, make sure that you refresh the token before the token expires.

> To `renew` an expired token you can make the call to `api/oauth2/token` with `refresh_token` as a parameter, this time you will have to set the `grant_type` to `refresh_token`.

// example refrefhtoken request $http.post('api/oauth2/token', { clientid : 'myclientid',
clientsecret : 'myclientsecret', refreshtoken: localStorage.refreshtoken || 'myrefreshtoken', granttype: 'refresh_token'

You can keep track of the time by calculating `expires at` in milliseconds EPOCH and storing it.

// calculate expiry time in milliseconds epoch
var expiresin = response.expiresin;
var expiresat = new Date().getTime() + parseInt(expiresin, 10) * 1000 - 60000;

// store the time in localstorage
localStorage.expiresat = expiresat;

// store the accesstoken in localstorage localStorage.accesstoken = response.access_token;

// store the refreshtoken in localstorage localStorage.refreshtoken = response.refresh_token;

Now everytime, we make a request to API, we can check it if the token has expired or not i.e `current time is greater then expired time` or not.

var now = new Date().getTime();
if (now < localStorage.expires_at) {
// valid token
// make requests further
} else {
// invalid token please refresh the token

Have a question about this API?Ask the API Provider.
Developers who viewed QuantiModo also viewed

Install SDK for (Node.js)Unirest

OAuth2 Authentication
Client ID
Client Secret
OAuth2 Authentication