This is the first public facing API we’ve developed and we spent considerable effort examining other successful APIs for inspiration. We wanted an intuitive [RESTful](http://en.wikipedia.org/wiki/Representational_State_Transfer) API that always returned JSON and didn’t have a bunch of crufty stuff surrounding every request. APIs which require a bunch of custom headers on every request or have [uncommon authentication schemes](http://docs.amazonwebservices.com/AmazonS3/latest/index.html?RESTAuthentication.html) present a significant barrier to entry to the average programmer unless a robust client library already exists in their favorite language.
For authentication, we really like [Github’s](http://develop.github.com/p/general.html) model. All authentication happens via HTTP basic over HTTPS and can take two forms. First, you can authenticate your regular username and password. Or, you can use an API token as your password and add “/token” to your username, just like Github. Unlike Github, if you change your password for Strongspace, your API token does not change. Also all Strongspace API requests must be performed via HTTPS.
To retrieve your API token:
:reset = “true” [optional – generates a new API token]
curl -u username:password https://www.strongspace.com/api/v1/api_token
curl -u username:password https://www.strongspace.com/api/v1/api_token?reset=true
returns the JSON: