Design guidelines

For both speed and security, the Boka API is asynchronous and REST-based. This means that no sessions are stored on the Boka servers and that each request is validated.

With this in mind, we recommend that you design your application to keep track of the information it needs, and thus keep the calls to the API to a minimum.

User first

To benefit from using the Boka API, design your application to be user-first. That means that your user should be as high up in the hierarchy as possible and be the owner of any resource in your application. Any Boka user should be able to use your application.

To enable your application to access all functions in the SDK, the first thing you need to do is to authenticate your user to our API. Please see the Authentication page for details.



This illustration shows the intended communication process when using the Boka API.

Step 1 - Authentication

Through the SDK, you authenticate your users against our API.

Step 2 - User input

When authenticated, you let your user into your application.

Step 3 - Service communication

Any data that you want to store in or retrieve from the Boka API is communicated and restricted to the authenticated user.