Access Using JWT

Line 1: Line 1:
### Tutorial
+
For admin users only, DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. They will also require an API key that allows the system to determine if they should have access to the requested resource.
  
DreamFactory 2.0 APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's
+
Request:
session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. He/she will also
+
require an API Key and their access will be limited by the role assigned to them for the application of the API key being used.
+
 
+
### API Endpoints
+
 
+
<pre>{Method} https://{url}/api/v2/{service}/{resource}?session_token={JWT}</pre>
+
 
+
-- OR --
+
 
+
<pre>{Method} https://{url}/api/v2/{service}/{resource}</pre>
+
Request header
+
<pre>
+
...
+
X-DreamFactory-Session-Token: {JWT}
+
...
+
</pre>
+
 
+
### Example - Using URL parameter
+
  
 +
<pre>GET https://foo.com/api/v2/system/user?session_token=abc.123.efg</pre>
 +
* HTTP method: GET
 +
* URL: https://foo.com/api/v2
 
* Service: system
 
* Service: system
 
* Resource: user
 
* Resource: user
* Session Token: abc.123.efg
+
* Session token: abc.123.efg
* Method: GET
+
* Request URL:
+
<pre>GET https://foo.com/api/v2/system/user?session_token=abc.123.efg</pre>
+
  
### Example - Using request header
+
<pre>GET https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg</pre>
 +
* HTTP method: GET
 +
* URL: https://foo.com/api/v2
 +
* Service: db
 +
* Resource: _table
 +
* Additional Parameter: limit
 +
* Session token: abc123efg
  
* Service: system
+
 
* Resource: user
+
'''Note:''' Session token can also be supplied using the X-DreamFactory-Session-Token request header.
* Session Token: abc.123.efg
+
* Method: GET
+
* Request Header:
+
<pre>
+
...
+
X-DreamFactory-Session-Token: abc.123.efg
+
...
+
</pre>
+
* Request URL:
+
<pre>GET https://foo.com/api/v2/system/user</pre>
+
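Review bot: both GET examples in the revised text (system/user and db/_table) carry the JWT as a session_token URL parameter, while the X-DreamFactory-Session-Token header, which the earlier text showed as a full request-header example, is reduced to a closing note. The opening paragraph says an admin JWT allows full access to the system, and a token placed in the URL is recorded wherever the request line is logged, so I would keep the header form as a worked example and present the URL parameter as the alternative. The second sample token, abc123efg, also drops the dot-separated shape of abc.123.efg; using the same placeholder in both requests would avoid confusion.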

Latest revision as of 18:16, 13 July 2018

For admin users only, DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. A JWT from an admin user's session allows full access to the system. Non-admin users cannot consume any protected APIs using just a JWT; they also require an API key, which allows the system to determine whether they should have access to the requested resource.

Request:

GET https://foo.com/api/v2/system/user?session_token=abc.123.efg
GET https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg
  • HTTP method: GET
  • URL: https://foo.com/api/v2
  • Service: db
  • Resource: _table
  • Additional Parameter: limit
  • Session token: abc123efg


Note: The session token can also be supplied using the X-DreamFactory-Session-Token request header.
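The following added example is not part of the original tutorial or DreamFactory's own code: it builds the db/_table request shown above with the JWT in the X-DreamFactory-Session-Token header instead of the URL, and redacts session_token from URLs before they are logged. The function names build_request and redact_token are hypothetical; foo.com and the token values are the page's placeholders.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode, quote
from urllib.request import Request

TOKEN_HEADER = "X-DreamFactory-Session-Token"  # header name given on the page
TOKEN_PARAM = "session_token"                  # URL parameter name given on the page


def build_request(base_url, service, resource, jwt, params=None, method="GET"):
    """Build {Method} {base_url}/{service}/{resource} with the JWT in the header.

    Keeping the token out of the URL keeps it out of access logs, proxy logs
    and browser history, which all record the request line.
    """
    params = dict(params or {})
    if TOKEN_PARAM in params:
        raise ValueError("pass the JWT via the header, not as a URL parameter")
    url = f"{base_url.rstrip('/')}/{quote(service)}/{quote(resource)}"
    if params:
        url += "?" + urlencode(params)
    # The request is only constructed here, not sent.
    return Request(url, method=method, headers={TOKEN_HEADER: jwt})


def redact_token(url):
    """Replace any session_token value in a URL before the URL is logged."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))


if __name__ == "__main__":
    # Constructed values matching the page's own placeholders.
    req = build_request("https://foo.com/api/v2", "db", "_table",
                        "abc.123.efg", params={"limit": 1})
    print(req.get_method(), req.full_url)
    print(redact_token(
        "https://foo.com/api/v2/system/user?session_token=abc.123.efg"))
```
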