CloudQuote lets you access data from our data warehouse, in a variety of different formats, include JSON, XML, CSV, and more.
To access our data, your front-end or back-end application can authenticate with the CloudQuote API platform in a variety of different ways.
A front-end application is any application whose code is run by a user, and which retrieves data directly from CloudQuote.
Examples of this type of application would include:
Since front-end applications are run by the user, CloudQuote operates on the premise that all data within the application is insecure. Since all data in the application is insecure, CloudQuote relies on the application passing through certain identifying information to authenticate the origin of the request, and then uses heuristics to identify patterns of unauthorized access.
For a front end application, the following access methods are supported:
A back-end application is any application whose code is exclusively run on a server, in a private manner, with details such as API keys shielded from public view
Examples of this type of application would include:
Since back-end applications are run on the server, CloudQuote operates on the premise that either the code for the application is secure OR that the location of the server that the code runs on is static.
For a back-end application, the following access methods are supported:
To create your application keys or to whitelist domain names or IP address for API access, follow these steps:
A whitelisted domain allows a front-end application to access the CloudQuote API, and to make cross-domain requests using CORS.
When using a whitelisted domain to access the CloudQuote API, the following requirements must be satisfied or the request will be rejected:
A Private Application Key allows a back-end application to access the CloudQuote API
When using a Private Application Key to access the CloudQuote API, the following requirements must be satisfied or the request will be rejected:
A Public Application Key is used together with a secondary authorization mechanism to access the CloudQuote API. The role of a Public Application Key is to identify the application accessing the CloudQuote API, while the secondary authorization mechanism will verify the authorization of the user to use CloudQuote on behalf of the application
When using a Public Application Key to access the CloudQuote API, the following requirements must be satisfied or the request will be rejected:
A User Key Check is a process where a user is given a key by your application, which is passed to the CloudQuote API. Upon first seeing this key, CloudQuote will contact your application to verify that this key is valid. CloudQuote will also contact your application after a certain interval has passed to verify that the key is still valid.
The key can be an OAuth Access Token, JSON Web Token, or any other chunk of information which provides a verifiable authorization of the user to your application.
It is extremely important that the User Key expire after a very short duration, for example 1-5 minutes, to minimize spoofing of requests by a malicious user
CloudQuote supports and recommends OAuth, but it is up to the application to implement it.
CloudQuote assumes a passive role in the OAuth process, simply forwarding the user key to an endpoint you define, at which point you can verify that the user should be allowed access.
Once an application has generated an OAuth Access Token, it should be passed to the CloudQuote API as a user key, where it will be verified using an endpoint you define.
A Whitelisted IP Address Range allows a specific range of host access to the CloudQuote API
When using a Whitelisted IP Address Range to access the CloudQuote API, the following requirements must be satisfied or the request will be rejected: