Authentication

Sony’s Lifelog API will be closed down at the end of May 2017. From that point, no further usage will be possible.

We apologize for any inconvenience caused.

You can keep up with our other API releases and updates here.

The Lifelog web API uses OAuth 2.0, an open industry standard for authorizing web service calls. All communication requires a secure channel (SSL/TLS), so every call, including the token requests below, is made over HTTPS.

  • To gain access to the API, register a Lifelog platform application to obtain a set of application credentials (a client ID and a client secret). You must also provide a callback URL, to which the Lifelog platform redirects the user, carrying an authorization code, after the user logs in. The client secret is only ever sent in the body of your server's POST requests to the token endpoints; keep it out of client-side code.
  • All API calls (after the initial authorization request) are made on behalf of a user and must be authorized with that user's access token, which you pass in the Authorization header.
  • You use your application credentials to let the user log in and to obtain an access token for the authenticated user.

Get a user-access token

The login procedure lets the user present their own credentials to a supported authentication authority for verification, and delivers an authorization code to your callback URL. You exchange this code for an access token that identifies the authenticated user in API requests; the code itself is never used to call the API.

Step 1: Generate an authorization code

When you request authorization, the Lifelog platform redirects the user to a page that allows the user to authenticate with their choice of login provider (currently Google or Sony Entertainment Network), then redirects the user to your application’s callback URL.

Direct the user to the Lifelog platform authorization page, passing your client ID (generated when you registered your application) and one or more of the following scope values, which determine which kinds of the user's data the token will allow your application to access:

lifelog.profile.read
lifelog.activities.read
lifelog.locations.read

To request multiple scopes, separate them with spaces (which appear as + once URL-encoded, as in the example). Provide these values as query parameters of a GET request, or in the body of a POST request. For example, as a GET request:

https://platform.lifelog.sonymobile.com/oauth/2/authorize?client_id=YOUR_CLIENT_ID&scope=lifelog.profile.read+lifelog.activities.read+lifelog.locations.read

The final redirect to your callback URL carries the authorization code as the value of the code query parameter:

https://YOUR_CALLBACK_URL?code=abcdef

Step 2: Exchange authorization code for access token

To exchange the authorization code for an access token for the authenticated user, make a POST request, with the body encoded as application/x-www-form-urlencoded, to this endpoint:

https://platform.lifelog.sonymobile.com/oauth/2/token

You must include these parameters in the request body:

Parameter      Value
client_id      Your client ID, generated when you registered your Lifelog platform application.
client_secret  Your client secret, generated when you registered your Lifelog platform application.
grant_type     The literal string “authorization_code”.
code           The authorization code delivered to your callback URL in Step 1.

The body of the response contains the access token itself, information about the token (token_type is the HTTP authentication scheme to use; expires_in is the token's lifetime in seconds, 1799 in the example, so just under 30 minutes), and a refresh token that you use to obtain a new access token when this one expires.

Example authorization code exchange request:

POST https://platform.lifelog.sonymobile.com/oauth/2/token
body: client_id=1234567&client_secret=abcdef&grant_type=authorization_code&code=abcdef

Example authorization code exchange response:

{
   "access_token" : "1234abcdef",
   "expires_in" : 1799,
   "token_type" : "bearer",
   "refresh_token" : "4321fedcba",
   "refresh_token_expires_in": 0
}
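The client side of Steps 1 and 2 end to end, as an added example (this is not Sony's code and not part of the original page). It assumes the standard OAuth 2.0 state parameter (RFC 6749, section 10.12) is accepted and echoed back by the platform, which the page does not document; every function name is this example's own. No network calls are made: the functions return the URLs and bodies for any HTTP client to send, and normalise the token response so the same parser serves the refresh response shown later on the page.

```python
# Added example, not Sony's code: client side of Steps 1 and 2.
# Assumption: the OAuth 2.0 `state` parameter (RFC 6749 s. 10.12) is accepted
# and echoed back unchanged by the platform; the Lifelog page does not document
# it. No network calls are made; URLs and bodies are returned for any HTTP
# client to send.
import json
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

AUTHORIZE_URL = "https://platform.lifelog.sonymobile.com/oauth/2/authorize"
TOKEN_URL = "https://platform.lifelog.sonymobile.com/oauth/2/token"
SCOPES = ("lifelog.profile.read", "lifelog.activities.read", "lifelog.locations.read")


def build_authorize_url(client_id, scopes=SCOPES, state=None):
    """Step 1: URL to send the user to. Returns (url, state); persist `state`
    in the user's session so the callback can be checked against it."""
    unknown = [s for s in scopes if s not in SCOPES]
    if unknown:
        raise ValueError("unknown scope(s): %s" % ", ".join(unknown))
    state = state or secrets.token_urlsafe(24)
    # urlencode turns the space-separated scope list into the '+'-joined
    # form shown on the page.
    query = urlencode({"client_id": client_id, "scope": " ".join(scopes), "state": state})
    return AUTHORIZE_URL + "?" + query, state


def parse_callback(callback_url, expected_state):
    """Pull the authorization code out of the redirect to YOUR_CALLBACK_URL.
    A missing or mismatched state means this redirect was not started by this
    session (CSRF, or two logins crossed), so the code is refused."""
    params = parse_qs(urlparse(callback_url).query)
    if params.get("state") != [expected_state]:
        raise ValueError("state mismatch: refusing authorization code")
    codes = params.get("code", [])
    if len(codes) != 1 or not codes[0]:
        raise ValueError("callback did not carry exactly one code")
    return codes[0]


def build_token_request(client_id, client_secret, code):
    """Step 2: body for POST /oauth/2/token (application/x-www-form-urlencoded).
    This is the only place the client secret travels, server to server."""
    return urlencode({"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "authorization_code", "code": code})


def parse_token_response(body, now=None):
    """Normalise a token response (from the code exchange or from a refresh).
    expires_in is an int in one response and a string in the other, and
    token_type is spelled 'bearer' and 'BearerToken', so both are coerced;
    the relative lifetime becomes an absolute expiry time."""
    data = json.loads(body)
    now = time.time() if now is None else now
    if not str(data.get("token_type", "")).lower().startswith("bearer"):
        raise ValueError("unexpected token_type %r" % data.get("token_type"))
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),
        "expires_at": now + int(data["expires_in"]),
        "scope": data.get("scope"),
    }


def token_is_fresh(token, now=None, skew=30):
    """False once the token is within `skew` seconds of expiry, so that a
    request sent now does not reach the server after the token has died."""
    now = time.time() if now is None else now
    return now + skew < token["expires_at"]
```

The state check is the one step a bare reading of the page would skip: without it, an attacker can complete the login with their own account and redirect a victim's browser to your callback with the attacker's code, binding the victim's session to the attacker's Lifelog data.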

Use the access token in requests

Once you have an access token you can start making API calls. Pass the user's access token in the Authorization header using the Bearer scheme, as described in RFC 6750 (OAuth 2.0 Bearer Token Usage):

GET https://platform.lifelog.sonymobile.com/v1/users/me
Authorization: Bearer abcdef1234

Token validity

An access token is granted for an explicit period (the expires_in value, in seconds) and is no longer valid after that period has elapsed. A token can also be revoked by the user; see Revoke an access token below.

If you authorize a call with a token that is no longer valid, the server responds with HTTP 401 Unauthorized. When this happens, you can obtain a new access token for the same login session without involving the user; see Refresh an expired token below. Alternatively, send the user through the login flow again to obtain a new, valid access token. Do not retry a 401 blindly: refresh once, and if the refreshed token is also rejected, the user must log in again.

Refresh an expired token

When you request an access token, the response also includes a refresh token, which you use to request a new access token when the current one expires, or if it has been compromised in any way. To request a new access token, make a POST request, with the body encoded as application/x-www-form-urlencoded, to this endpoint:

https://platform.lifelog.sonymobile.com/oauth/2/refresh_token

The request body must contain these parameters:

Parameter      Value
client_id      Your client ID, generated when you registered your Lifelog platform application.
client_secret  Your client secret, generated when you registered your Lifelog platform application.
grant_type     The literal string “refresh_token”.
refresh_token  The refresh token you received in your most recent token response (each refresh returns a new one).

When the request succeeds, the response contains the new access token along with a new refresh token; store the new refresh token, since each refresh response supersedes the previous one. The refresh response also carries several fields that the code exchange response does not, spells token_type as “BearerToken” rather than “bearer”, and returns numeric values (expires_in, issued_at) as strings, so parse both responses leniently: compare token_type case-insensitively and coerce expires_in to an integer. This page does not state whether the previous access token is invalidated on refresh (the response includes an old_access_token_life_time field), so if you are refreshing because a token was compromised, do not rely on the refresh alone to cut off its use.

Example refresh token request:

POST https://platform.lifelog.sonymobile.com/oauth/2/refresh_token
body: client_id=1234567&client_secret=abcdef&grant_type=refresh_token&refresh_token=abcdef

Example refresh token response:

{
   "access_token" : "1234abcdef",
   "application_name" : "15b62044-e030-44d5-a7fe-6a01afd5cdb8",
   "client_id" : "1234567",
   "developer.email" : "developer@example.com",
   "expires_in" : "1799",
   "issued_at" : "1415866128810",
   "old_access_token_life_time" : "302748",
   "organization_name" : "example",
   "refresh_count" : "1",
   "refresh_token_expires_in" : "0",
   "refresh_token_issued_at" : "1415866128810",
   "refresh_token" : "4321fedcba",
   "refresh_token_status" : "approved",
   "scope" : "lifelog.profile.read",
   "status" : "approved",
   "token_type" : "BearerToken"
}
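A client that exercises the three preceding sections together (Use the access token in requests, Token validity, and Refresh an expired token), as an added example that is not Sony's code and not part of the original page. It sends the Bearer header, refreshes exactly once when a call returns 401, and raises a LoginRequired exception when the refresh is rejected or the refreshed token still fails, so the caller can send the user back through login. The HTTP transport is injected; FakeLifelog is a constructed stand-in for the platform so the flow runs offline, and its JSON bodies, token values and all class and function names are this example's own assumptions, not anything the page documents.

```python
# Added example, not Sony's code: a minimal Lifelog client that sends the
# Bearer token, refreshes once on HTTP 401 via /oauth/2/refresh_token, and
# raises LoginRequired when the refresh itself is rejected or the refreshed
# token still fails. FakeLifelog is a constructed stand-in for the platform;
# its token values and JSON bodies are made up for this example.
import json
from urllib.parse import urlencode, parse_qs

API_BASE = "https://platform.lifelog.sonymobile.com"
REFRESH_URL = API_BASE + "/oauth/2/refresh_token"
FORM = {"Content-Type": "application/x-www-form-urlencoded"}


class LoginRequired(Exception):
    """Neither the access token nor the refresh token is accepted any more."""


class LifelogClient:
    def __init__(self, client_id, client_secret, access_token, refresh_token, transport):
        self.client_id = client_id
        self.client_secret = client_secret
        self.access_token = access_token
        self.refresh_token = refresh_token
        # transport(method, url, headers, body) -> (status, body)
        self.transport = transport
        self.refresh_count = 0

    def refresh(self):
        body = urlencode({"client_id": self.client_id, "client_secret": self.client_secret,
                          "grant_type": "refresh_token", "refresh_token": self.refresh_token})
        status, resp = self.transport("POST", REFRESH_URL, FORM, body)
        if status != 200:
            raise LoginRequired("refresh rejected with HTTP %d" % status)
        data = json.loads(resp)
        self.access_token = data["access_token"]
        # Each refresh response carries a new refresh token; the old one is spent.
        self.refresh_token = data["refresh_token"]
        self.refresh_count += 1

    def get(self, path):
        """GET an API path on the user's behalf, retrying exactly once after a
        refresh. A second 401 is not retried again: blind retry loops hide
        revocation from the app and hammer the token endpoint."""
        for attempt in (1, 2):
            headers = {"Authorization": "Bearer " + self.access_token}
            status, body = self.transport("GET", API_BASE + path, headers, None)
            if status != 401:
                return status, body
            if attempt == 1:
                self.refresh()
        raise LoginRequired("access token still rejected after refresh")


class FakeLifelog:
    """Constructed stand-in for the platform: knows which access tokens are
    live and which refresh token is valid, and records every call it sees."""
    def __init__(self, live_access=("new-token",), valid_refresh=("4321fedcba",)):
        self.live_access = set(live_access)
        self.valid_refresh = set(valid_refresh)
        self.calls = []

    def __call__(self, method, url, headers, body):
        self.calls.append((method, url))
        if url == REFRESH_URL:
            form = parse_qs(body)
            if form.get("grant_type") != ["refresh_token"] or \
                    form.get("refresh_token", [None])[0] not in self.valid_refresh:
                return 401, ""
            self.valid_refresh = {"next-refresh"}  # old refresh token is consumed
            return 200, json.dumps({"access_token": "new-token", "expires_in": "1799",
                                    "refresh_token": "next-refresh", "token_type": "BearerToken"})
        auth = headers.get("Authorization", "")
        if auth.startswith("Bearer ") and auth[len("Bearer "):] in self.live_access:
            return 200, json.dumps({"id": "me"})  # body shape is made up
        return 401, ""
```

With the defaults, the first GET fails with 401, the client refreshes and the retry succeeds; constructing FakeLifelog with an empty valid_refresh set models a user who revoked the app, and the client then surfaces LoginRequired after one GET and one refresh attempt instead of looping.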

Revoke an access token

Users can revoke the permissions granted to your app at any time after they have logged in, via the “Connected Apps” option on the Lifelog website.

If you authorize a call with a revoked token, the server responds with HTTP 401 Unauthorized, the same response it gives for an expired token, so your app cannot tell the two apart from the status code alone. Treat a 401 that persists after one refresh attempt as revocation and send the user back through the login flow.