Access Using JWT

m (Updated the example / details order to show the example first)
 
(7 intermediate revisions by one other user not shown)
Line 1: Line 1:
=== Tutorial ===
+
For admin users only, DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. They will also require an API key that allows the system to determine if they should have access to the requested resource.
  
DreamFactory 2.0 APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's
+
Request:
session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. He/she will also
+
require an API Key and their access will be limited by the role assigned to them for the application of the API key being used.
+
 
+
=== API Endpoints ===
+
 
+
<pre>{Method} https://{url}/api/v2/{service}/{resource}?session_token={JWT}</pre>
+
 
+
-- OR --
+
 
+
<pre>{Method} https://{url}/api/v2/{service}/{resource}</pre>
+
Request header
+
<pre>
+
...
+
X-DreamFactory-Session-Token: {JWT}
+
...
+
</pre>
+
 
+
=== Example - Using URL parameter ===
+
  
 
<pre>GET https://foo.com/api/v2/system/user?session_token=abc.123.efg</pre>
 
<pre>GET https://foo.com/api/v2/system/user?session_token=abc.123.efg</pre>
 
+
* HTTP method: GET
 +
* URL: https://foo.com/api/v2
 
* Service: system
 
* Service: system
 
* Resource: user
 
* Resource: user
* Session Token: abc.123.efg
+
* Session token: abc.123.efg
* Method: GET
+
* Request URL:
+
  
=== Example - Using request header ===
+
<pre>GET https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg</pre>
<pre>
+
* HTTP method: GET
...
+
* URL: https://foo.com/api/v2
X-DreamFactory-Session-Token: abc.123.efg
+
* Service: db
...
+
* Resource: _table
</pre>
+
* Additional Parameter: limit
Request URL:
+
* Session token: abc123efg
<pre>GET https://foo.com/api/v2/system/user</pre>
+
 
* Service: system
+
 
* Resource: user
+
'''Note:''' Session token can also be supplied using the X-DreamFactory-Session-Token request header.
* Session Token: abc.123.efg
+
* Method: GET
+
* Request Header:
+
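Review bot: keep a worked request-header example next to the URL-parameter one. In the example request lines the token appears only in the query string (`?session_token=abc.123.efg`, `&session_token=abc123efg`), and `X-DreamFactory-Session-Token` is mentioned only in the closing '''Note:''' line. The opening paragraph says an admin JWT allows full access to the system, and request URLs are commonly recorded in server and proxy logs, so the header form deserves equal prominence. The token is also written two ways (`abc.123.efg` and `abc123efg`); using one form in both examples would keep them consistent.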

Latest revision as of 18:16, 13 July 2018

For admin users only, DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. A JWT from an admin user's session allows full access to the system. Non-admin users cannot consume any protected APIs using just a JWT; they also require an API key, which allows the system to determine whether they should have access to the requested resource.

Request:

GET https://foo.com/api/v2/system/user?session_token=abc.123.efg
GET https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg
  • HTTP method: GET
  • URL: https://foo.com/api/v2
  • Service: db
  • Resource: _table
  • Additional Parameter: limit
  • Session token: abc123efg


Note: The session token can also be supplied in the X-DreamFactory-Session-Token request header.
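
Request URLs, query string included, are commonly written to web server and proxy access logs, so a token passed as session_token can end up stored wherever those logs go. The following added example (not DreamFactory code and not part of the original page) rewrites the page's two URL-parameter requests into the header form and masks the token in an access-log line. The function names and the sample log line are assumptions made for illustration.

```python
"""Added example (not DreamFactory code): move a session token out of the URL."""
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

TOKEN_PARAM = "session_token"                  # query parameter named on this page
TOKEN_HEADER = "X-DreamFactory-Session-Token"  # request header named on this page


def to_header_form(url):
    """Return (url_without_token, headers) for a URL that carries session_token.

    Raises ValueError when the URL has no token or more than one, since an
    ambiguous credential should be rejected rather than guessed at.
    """
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == TOKEN_PARAM]
    if len(tokens) != 1 or not tokens[0]:
        raise ValueError("expected exactly one non-empty session_token")
    # Keep every other query parameter (for example limit=1) in the URL.
    rest = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    clean = urlunsplit(parts._replace(query=urlencode(rest)))
    return clean, {TOKEN_HEADER: tokens[0]}


# Matches session_token=<value> inside a query string anywhere in a text line.
_TOKEN_RE = re.compile(r"([?&]" + TOKEN_PARAM + r"=)[^&\s\"']+")


def redact_log_line(line):
    """Mask session_token values in a log line before it is stored or shared."""
    return _TOKEN_RE.sub(r"\1[REDACTED]", line)


if __name__ == "__main__":
    # The URLs are the page's own examples; the log line is constructed.
    for u in ("https://foo.com/api/v2/system/user?session_token=abc.123.efg",
              "https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg"):
        print(to_header_form(u))
    sample = ('10.0.0.5 - - "GET /api/v2/db/_table?limit=1'
              '&session_token=abc123efg HTTP/1.1" 200')
    print(redact_log_line(sample))
```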