What is the difference between an API Token and a Personal Token?
I'm trying to develop an Android DigitalOcean app, and I'm having a hard time with authorization.
Currently, I am using this library to access DigitalOcean's API from Java. Here's what I'm doing in terms of authentication:
- If no token is stored, open the login activity. ASK (I'm not prompting for specific credentials) the user to authorize the app.
- Upon clicking the button, a WebView comes up with the URL set to the URL that is given in the Apps & API page for my app.
- The user then logs into DigitalOcean, and DigitalOcean asks the user if they'd like to allow my app to read their information.
- User clicks yes, DigitalOcean redirects to callback URL with the token as a parameter. My app is configured to open the URL scheme, and extracts the token.
- I open up the main activity, the activity gets the token and passes it to the Java wrapper I'm using
- Finally, I try to grab the available droplets, and get an "Unable to authenticate you" error...
I pulled the token from the app and tried to manually use it in cURL with
curl -X GET -H 'Content-Type: application/json' -H 'Authorization: Bearer MyTokenFromAppHere' "https://api.digitalocean.com/v2/droplets?page=1&per_page=1"
I also get the unable to authenticate message. Now when I replace the token with a personal token, I get the expected response (a listing of my droplets).
So my main question is, what's the difference between an OAuth API token, and a personal token? Surely I'm not supposed to ask the user to generate a personal token to plug into the app, right...?
Edit: Also, I tried basic authentication (-u "TokenHere:") and still the same message.