Access Using JWT

From DreamFactory
Line 1: Line 1:
DreamFactory 2.0 APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's  
+
DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. They will also require an API Key that tells the system what app the call is being made for. The system will use the API key to look up the role assigned to the user for that app, and limit access to what is allowed by that role.
session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. He/she will also  
+
require an API Key and their access will be limited by the role assigned to them for the application of the API key being used.
+
  
=== API Endpoints ===
+
Request:
 
+
<pre>{Method} https://{url}/api/v2/{service}/{resource}?session_token={JWT}</pre>
+
 
+
-- OR --
+
 
+
<pre>{Method} https://{url}/api/v2/{service}/{resource}</pre>
+
Request header
+
<pre>
+
...
+
X-DreamFactory-Session-Token: {JWT}
+
...
+
</pre>
+
 
+
=== Example - Using URL parameter ===
+
  
 
<pre>GET https://foo.com/api/v2/system/user?session_token=abc.123.efg</pre>
 
<pre>GET https://foo.com/api/v2/system/user?session_token=abc.123.efg</pre>
 
+
* HTTP method: GET
 +
* URL: https://foo.com/api/v2
 
* Service: system
 
* Service: system
 
* Resource: user
 
* Resource: user
* Session Token: abc.123.efg
+
* Session token: abc.123.efg
* Method: GET
+
* Request URL:
+
  
=== Example - Using request header ===
+
Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header.
<pre>
+
...
+
X-DreamFactory-Session-Token: abc.123.efg
+
...
+
</pre>
+
Request URL:
+
<pre>GET https://foo.com/api/v2/system/user</pre>
+
* Service: system
+
* Resource: user
+
* Session Token: abc.123.efg
+
* Method: GET
+
* Request Header:
+
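Review bot: the URL-parameter example (`GET https://foo.com/api/v2/system/user?session_token=abc.123.efg`) puts the JWT in the query string, where it is recorded in web server and proxy access logs and in browser history. The opening paragraph states that a JWT from an admin user's session allows full access to the system, so the page should say this where the URL form is introduced. It should also present the `X-DreamFactory-Session-Token` header as the preferred form rather than as a trailing note. The paragraph now says non-admin users also require an API key, but neither example shows how the key is supplied; add that to both request forms.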

Revision as of 19:17, 30 June 2016

DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. A JWT from an admin user's session allows full access to the system. Non-admin users cannot consume any protected APIs using just a JWT; they also require an API key that tells the system which app the call is being made for. The system uses the API key to look up the role assigned to the user for that app and limits access to what that role allows.

Request:

GET https://foo.com/api/v2/system/user?session_token=abc.123.efg

Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header.
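The two request forms above differ in where the JWT ends up: a `session_token` URL parameter is written to access logs along with the rest of the URL, while the header is not. The following is an added example, not DreamFactory code; it converts a URL-parameter request into the header form and redacts tokens already present in log lines. The function names and the sample log line are constructed for illustration, and the `X-DreamFactory-Api-Key` header name does not appear on this page (it is assumed from DreamFactory's API).

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

TOKEN_PARAM = "session_token"                   # URL parameter shown on this page
TOKEN_HEADER = "X-DreamFactory-Session-Token"   # header shown on this page
API_KEY_HEADER = "X-DreamFactory-Api-Key"       # assumption: not shown on this page


def to_header_form(url, api_key=None):
    """Move session_token from the query string into a request header.

    Returns (clean_url, headers). Other query parameters are preserved.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == TOKEN_PARAM]
    if len(tokens) > 1:
        # Two tokens in one URL is ambiguous; refuse rather than pick one.
        raise ValueError("more than one session_token parameter")
    remaining = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    headers = {}
    if tokens:
        headers[TOKEN_HEADER] = tokens[0]
    if api_key:
        # Non-admin callers also need an API key identifying the app.
        headers[API_KEY_HEADER] = api_key
    clean_url = urlunsplit(parts._replace(query=urlencode(remaining)))
    return clean_url, headers


_TOKEN_RE = re.compile(r"([?&]session_token=)[^&\s\"']+", re.IGNORECASE)


def redact_log_line(line):
    """Replace any session_token value in a log line with a fixed marker."""
    return _TOKEN_RE.sub(r"\1[REDACTED]", line)


if __name__ == "__main__":
    url = "https://foo.com/api/v2/system/user?session_token=abc.123.efg"
    print(to_header_form(url))
    # Constructed access-log line, for illustration only.
    log = '10.0.0.5 "GET /api/v2/system/user?limit=5&session_token=abc.123.efg HTTP/1.1" 200'
    print(redact_log_line(log))
```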