Authentication

In order to access and interact with our API endpoints, authentication is required using the JSON Web Token (JWT ↗) standard.

This page will guide you through the process of obtaining and attaching the JWT token to your requests' headers. The JWT token serves as a secure and efficient way to verify the identity of the user and authorize access to protected resources.

By following the instructions provided here, you will be able to successfully authenticate your requests and ensure the security of your interactions with our API. Let's dive in and explore the details of the authentication process.

Create API operator

Follow the official documentation ↗ to create API operator, and save the generated credentials:

  • API Key ID

  • API Key secret

Request a JWT

You can exchange API Key ID + API Key secret for a valid JWT ↗ on the target workspace:

bash

curl $API_BASE_URL/auth/token \
  -H "Content-Type: application/json" \
  -X POST --data '{
    "workspace": "<workspace>",
    "apiKeyId": "<api-key-id>",
    "apiKeySecret": "<api-key-secret>"
  }'

Response will look like:

json

{
  "accessToken": "eyJhbGci...ZDi022eQ",
  "expiresInSeconds": 300,
  "refreshToken": "eyJhbGci...zj9YL6Ow",
  "refreshExpiresInSeconds": 1800
}

The accessToken key contains the JWT.

Use the JWT in headers

Attach the JWT to requests like this:

bash

JWT="eyJhbGci...ZDi022eQ"
curl -H "Authorization: Bearer $JWT" $API_BASE_URL/users/me

Refresh the JWT

You can obtain new JWT without exchanging API credentials again and rather just exchanging refreshToken :

bash

curl $API_BASE_URL/auth/token/refresh \
  -H "Content-Type: application/json" \
  -X POST --data '{
    "workspace": "<workspace>",
    "refreshToken": "eyJhbGci...zj9YL6Ow",
  }'

The response will have exactly same structure as the /auth/token response (see Request a JWT).