API

Documentation for the Resonite API which can be used by external apps to communicate with Resonite.

This documentation is unofficial and incomplete and may break at any time.

The main API URL is https://api.resonite.com/

Many endpoints of the Resonite API require authentication by means of an authorization token.

This token needs to be sent as a Authorization HTTP request header on endpoints that require it:

Authorization: res <user-id>:<token>

Note that user-id is not the same as your username. Migrated accounts may have user-ids that are similar to their username, but newly created accounts will get a random user-id assigned to them. User-ids always start with U-.

To get a token, send a POST request to https://api.resonite.com/userSessions with the following body:

{
    "username": "<username>",
    "authentication": {
        "$type" : "password",
        "password": "<password>"
    },
    "secretMachineId": "<secret-machine-id>",
    "rememberMe": true
}

• username and password are your account credentials. DO NOT replace the "password" specifier in the "$type" field.
• secretMachineId can be a random UUIDv4
• The rememberMe flag determines how long the resulting token will be valid. If it is set to true, the token will be valid for 30 days.

This authentication request also needs additional headers:

UID: <uid>
TOTP: <totp>

• UID should be a sha256 hash based on information about the hardware this request was sent from, so every device that connects to the API should have its own unique string that never changes. You can however just use any random sha256 hash if you do not want to generate it specifically for your hardware.
• TOTP is a four number code generated by your two-factor authentication (2FA) application of choice and only needs to be sent if 2FA is enabled for your user account.

The API should respond with a JSON object containing information about the created user-session, most importantly the token used for authentication as well as your user-id.