Requesting Profiles and Bearer Tokens 

It is possible to call the API with credentials and request the profile and corresponding bearer token using the getuser endpoint.  This allows developers to prompt for credentials, obtain the corresponding bearer token, and then use the token for the duration of the session without storing any authentication information in source code or databases.  

The getuser endpoint supports getting information about a user's token or profile using either a GET or POST method.  The following example shows requesting the token, and presumes that the user's credentials are passed in the basic header.

POST /api/v1/getuser HTTP/1.1
Host: api.statebook.com
Content-Type: application/json
Authorization: Bearer demo
{
  "data": [
    "profile",
    "token"
    ]
}

var response = {
{
  "status": {
    "id": "01069e7d-7540-4066-adb4-8b6cf867d9f6",
    "timestamp": "2022-07-29T22:46:47.211636Z",
    "version": "1.0.0",
    "license": "The data returned from this StateBook Data API call is restricted
    and may only be used in accordance with the terms of a current and
    valid StateBook Data API license. Any other use is strictly prohibited."
  },
  "data": {
    "profile": {
      "username": "demo"
    },
    "tokens": [
      {
        "token": "demo",
        "name": "demo"
      }
    ]
  }
}