REST APIs that use JSON in payloads suggest that the only data available is text based, but there are often URLs pointing to rich media content (like images) that you might want to be able to download as well. 

Since all of TrackTik's data is protected behind encryption tunnels and access tokens, there needs to be a means to grant permission to rich media for downloading while protecting this. 

One approach that was implemented was to use a Media Token that can be appended to the URL of a rich media file, and another is reading the Bearer token from request headers.

We're working on making everything consistent but we're not there yet, so you'll find some instances where you'll be able to use your current non-expired Bearer token to shape a header and download things (like PDF invoices), but most of the time you'll need to use a Media Token (like Report images).

Example of a payload from an access_token request to a TrackTik portal using an API Service Account:

{
	"id_token":"eyJ0eXAi......",
	"media_token":"23367f204.......",        <=========
	"token_type":"Bearer",
	"expires_in":3599,
	"access_token":"eyJ0eXAiO........",
	"refresh_token":"def50200........"
}

A Media Token Authenticated URI Request

To use the mediaToken with a URI, you add it to the end as a parameter.

[GET] /clients?sort=-id

{
  "company": "Mid State Fair",
  "customId": "766",
  "firstName": "",
  "lastName": "",
  "jobTitle": "",
  "primaryPhone": "",
  "secondaryPhone": "",
  "type": "CLIENT",
  "region": 7,
  "status": "ACTIVE",
  "address": 1481,
  "email": "",
  "closedDate": null,
  "id": 766,
=>"avatar": "https://innovation.staffr.net/rest/v1/avatar/clients/766/07035a44ac2af23a3780bbf806f79222"
        }

The Avatar URI of this Client is https://innovation.staffr.net/rest/v1/avatar/clients/766/07035a44ac2af23a3780bbf806f79222

To access this with another HTTP Agent, you append ?mediaToken=xxxxxx

E.g.

https://innovation.staffr.net/rest/v1/avatar/clients/766/07035a44ac2af23a3780bbf806f79222?mediaToken=23367f204.......