/api/v1/
Params:
- location
- tool
- badge_id
- state=initial,extend,cancel
- auth_minutes (number)
Requests should also authenticated, for example with an api_key param, or by
ssl client cert.
The server can make assumptions about the total authorized time, for example if requests like this happen:
auth_minutes=30,state=initialat t=0auth_minutes=30,state=extendat t=22
That the total authorized time for usage stats is only 22+30 minutes.
This API requires the client to only store minimal state -- the badge_id
(which must be re-sent), and whether a session is in progress to differentiate
initial vs extend.