API: Structure of an access token
If the authentication process was successful, an access token with some additional data is returned. The same is true, if the access token was renewed. The response is structured as a symbolic expression list, with the following elements:
The type of the token, always set to "Bearer", as described in RFC 6750
The token itself, which is technically the string representation of a symbolic expression containing relevant data, plus a check sum.
- The symbolic expression has the form (KIND USERNAME NOW EXPIRE Z-ID)
- KIND is 0 for an API access, 1 if it created for the Web user interface.
- USERNAME is the user name of the user.
- NOW is a timestamp of the current time.
- EXPIRE is the timestamp when the access token expires.
- Z-ID is the zettel identifier of the user zettel.
The symbolic expression is encoded via “base64”. Based on this encoding, a checksum is calculated, also encoded via “base64”. Both encoded values are concatenated, with a period (".") as a delimiter.