Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Data API Workflow

This workflow may be used by clients interested in making queries to /data on the behalf of an authenticated iRacing member. Previously, clients might have been constrained to using only the parts of the Data API which are not customer-specific. This workflow allows the client to access the full Data API without the need to handle user passwords.

Goals

  1. Use the full Data API without handling user passwords.

Prerequisites and Assumptions

  1. The client has been registered with an audience of data-server.
  2. The client can store access and refresh tokens securely.

Steps

  1. The client checks to see if it has an access token which has not expired. If so, it may use the access token as a Bearer token in the Authorization header while making requests to the Data API. It may continue to make requests until the access token expires or is otherwise invalidated.
  2. The client checks to see if it has a refresh token which has not expired. If so, it may use the refresh token with the /token endpoint to obtain a new access token and a new refresh token. The client securely stores the new tokens. Return to Step 1.
  3. If the client has no valid access or refresh token, the client starts an Authentication and Authorization flow by invoking /authorize. The client should request the scope iracing.auth to allow making requests as the authenticated user and specify the correct redirect_uri registered to the client.
  4. The user is asked to login and is told that the client has requested access to iRacing services. It is assumed the user will approve. The browser is redirected to the redirect_uri with a code.
  5. The client receives the code at its redirect_uri. It may then use /token to trade the code for an access token and a refresh token. The client securely stores the new tokens. Return to Step 1.