# Getting Started

The API can be called under the following address:

```
https:///api/
```

The collections and resources are described in the [Collections](/api/collections.md) section.

## Authorization

Some collections require authentication, while others can be called without it. To authenticate a request, send the JSON web token (JWT) to the backend.\
There are two ways to do so:

* **Authorization Header**\
  Set the *Bearer* token in the *Authorization* header.

  ```
  Authorization: Bearer 
  ```

  > The value after *Bearer* is the full JSON web token in the form header.payload.signature.

* **Cookies**\
  To prevent the website's JavaScript code from accessing the full JWT, the token is split into two separate cookies.
  * jwt\_hp - Normal cookie with the header and payload of the JWT as value.
  * jwt\_s - HTTP-only cookie with the signature as value.

To get the token, use the login method from [api/authentication](/api/collections.html#authentication).

## Return values

The API always returns data in JSON format. If the request was successful, it returns status code 200 and the requested data.

* [200 - OK](https://httpstatuses.com/200)\
  Request was successful. Optionally, the response includes a JSON object with the data.

If a request is not successful, the API sets an HTTP status code and returns a JSON object with a status and an error message included.

```json
{
  "error": "",
  "message": ""
}
```

* [400 - Bad Request](https://httpstatuses.com/400)\
  The request was invalid. (e.g. parameter missing)
* [401 - Unauthorized](https://httpstatuses.com/401)\
  The request was not properly authorized. (e.g. token invalid, token missing)
* [403 - Forbidden](https://httpstatuses.com/403)\
  The user does not have the required permissions.
* [404 - Not Found](https://httpstatuses.com/404)\
  The requested resource was not found.
* [500 - Internal Server Error](https://httpstatuses.com/500)\
  A server-side error occurred.
* [501 - Not Implemented](https://httpstatuses.com/501)\
  The API endpoint is not implemented.
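
The split-cookie scheme from the Authorization section, as an added example that is not the project's own code: it splits a token into the `jwt_hp` and `jwt_s` cookies and rejoins them on the server, accepting the token only if the signature matches. The HS256 algorithm, the shared secret, the `Secure`, `SameSite` and `Path` attributes, and all function names are assumptions made for this sketch.

```python
import base64, hashlib, hmac, json
from http.cookies import SimpleCookie
from typing import List, Optional

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a shared secret

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def sign(header_payload: str) -> str:
    mac = hmac.new(SECRET, header_payload.encode(), hashlib.sha256)
    return b64url(mac.digest())

def make_token(claims: dict) -> str:
    """Build a constructed HS256 token for the demo (stands in for login)."""
    header = b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    hp = header + "." + b64url(json.dumps(claims).encode())
    return hp + "." + sign(hp)

def split_cookies(token: str) -> List[str]:
    """Return the two Set-Cookie values: jwt_hp (JS-readable), jwt_s (HttpOnly)."""
    hp, sig = token.rsplit(".", 1)
    jar = SimpleCookie()
    jar["jwt_hp"], jar["jwt_s"] = hp, sig
    jar["jwt_s"]["httponly"] = True  # signature never reaches document.cookie
    for name in ("jwt_hp", "jwt_s"):
        jar[name]["secure"] = True        # assumption: HTTPS only
        jar[name]["samesite"] = "Strict"  # assumption: cookie auth needs CSRF cover
        jar[name]["path"] = "/"
    return [morsel.OutputString() for morsel in jar.values()]

def token_from_request(cookie_header: str) -> Optional[str]:
    """Rejoin jwt_hp and jwt_s; return the token only if the signature verifies."""
    jar = SimpleCookie(cookie_header)
    if "jwt_hp" not in jar or "jwt_s" not in jar:
        return None  # one half alone is not a credential -> 401
    hp, sig = jar["jwt_hp"].value, jar["jwt_s"].value
    if hp.count(".") != 1 or "." in sig:
        return None  # malformed halves
    if not hmac.compare_digest(sign(hp), sig):
        return None  # header/payload was altered or signature is wrong
    return hp + "." + sig
```

Because `jwt_hp` is writable from script, the server must treat it as untrusted until the signature check passes; claim checks such as expiry are left out of this sketch.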