There are two authentication mechanisms for accessing the Foodetective API. To begin, create an application so that you can follow along with authenticating and making requests on the API. Note that you will have to sign in with a Foodetective for business account.
A server token can be used to access data that does not require a Foodetective user context. It can be generated using the OAuth 2.0 client_credentials flow. Please note that your server token is considered sensitive and it is your responsibility to protect it.
A user access token is required when a Foodetective user context is necessary. The Foodetective API uses OAuth 2.0 to allow developers to get a user access token to access a single user’s data or do actions on their behalf. OAuth 2.0 is a specification outlined in RFC 6749 that allows third-party services to make requests on behalf of a user without accessing passwords and other sensitive information.
You can find informations on how to obtain each token in the API documentaion.
Contact the Foodetective team and share the
client_id for your application to
request access to the
refresh_token scopes. Once your application is whitelisted you
will be able to make request to the API.
client_id identifies your application. Treat it like a username. The
client_secret is your application’s password. Protect it like a password and
contact the Fodetective team should you ever suspect it has been leaked.