Authentication
In order to access and interact with our API endpoints, authentication is required using the JSON Web Token (JWT ↗) standard.
This page will guide you through the process of obtaining and attaching the JWT token to your requests' headers. The JWT token serves as a secure and efficient way to verify the identity of the user and authorize access to protected resources.
By following the instructions provided here, you will be able to successfully authenticate your requests and ensure the security of your interactions with our API. Let's dive in and explore the details of the authentication process.
Create API operator
Follow the official documentation ↗ to create API operator, and save the generated credentials:
API Key ID
API Key secret
Request a JWT
You can exchange API Key ID
+ API Key secret
for a valid JWT ↗ on the target workspace
:
bash
curl $API_BASE_URL/auth/token \
-H "Content-Type: application/json" \
-X POST --data '{
"workspace": "<workspace>",
"apiKeyId": "<api-key-id>",
"apiKeySecret": "<api-key-secret>"
}'
Response will look like:
json
{
"accessToken": "eyJhbGci...ZDi022eQ",
"expiresInSeconds": 300,
"refreshToken": "eyJhbGci...zj9YL6Ow",
"refreshExpiresInSeconds": 1800
}
The accessToken
key contains the JWT.
Use the JWT in headers
Attach the JWT to requests like this:
bash
JWT="eyJhbGci...ZDi022eQ"
curl -H "Authorization: Bearer $JWT" $API_BASE_URL/users/me
Refresh the JWT
You can obtain new JWT without exchanging API credentials again and rather just exchanging refreshToken
:
bash
curl $API_BASE_URL/auth/token/refresh \
-H "Content-Type: application/json" \
-X POST --data '{
"workspace": "<workspace>",
"refreshToken": "eyJhbGci...zj9YL6Ow",
}'
The response will have exactly same structure as the /auth/token
response (see Request a JWT).