Normally, an API token is required to access the MyTimetable API. For OAuth authorisation, an client id and secret are necessary. This document describes how these API and OAuth access tokens can be managed by an administrative user.
All tokens can be managed directly in the MyTimetable user preferences database. This can be done using a SQL client application, like Microsoft SQL Server Management Studio. Currently, there is no administrative (web) interface to configure OAuth tokens. Some settings and changes may be cached for 5 minutes.
API tokens can be managed through the MyTimetable administrative interface.
In case the administrative interface is not available, API tokens can be found in the table
api_tokens. The following list describes the columns of this table:
|Description of the application, only used for administrative and logging purposes.|
|Token the application should use in its requests.|
To use the OAuth authorisation options in MyTimetable, an application requires an client id and secret. These can be entered in the table
oauth_client_details. A client should provide its client id and the web server redirect URL. The following list describes the columns of this table:
|The client identifier. Shown in the MyTimetable web interface and used by the OAuth client to identify itself. Should consist of only characters in the range [A-Za-z0-9].|
|The resources a client can access, comma-delimited. Not used by MyTimetable, enter |
The secret a client uses to identify itself. This is specified as a Spring Security hash. Possible options:
|The scopes a client can request, comma-delimited. Choose from the following list (comma-separated): |
|Grant types the client can use. MyTimetable only supports the |
|The URL that should be used by the client to receive the access code. This must exactly match the redirect_uri used by the client. Strongly recommended to use HTTPS URLs.|
|Authorities of the OAuth client. Not used by MyTimetable, enter |
|Time an OAuth token will be valid, in seconds. 0 for an non-expiring token.|
|Refresh tokens are currently not supported by MyTimetable, enter |
|Additional information can be entered in this field. Currently, this information is not used by MyTimetable, enter |
|List of scopes to automatically approve, or true to approve all scopes.|