Access Using JWT

From DreamFactory
Latest revision as of 18:16, 13 July 2018

For admin users only, DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. A JWT from an admin user's session allows full access to the system. Non-admin users cannot consume any protected APIs using just a JWT; they also require an API key, which allows the system to determine whether they should have access to the requested resource.

Request:

GET https://foo.com/api/v2/system/user?session_token=abc.123.efg
  • HTTP method: GET
  • URL: https://foo.com/api/v2
  • Service: system
  • Resource: user
  • Session token: abc.123.efg

GET https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg
  • HTTP method: GET
  • URL: https://foo.com/api/v2
  • Service: db
  • Resource: _table
  • Additional Parameter: limit
  • Session token: abc123efg


Note: The session token can also be supplied using the X-DreamFactory-Session-Token request header.
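A token placed in the URL is recorded wherever URLs are recorded (web server and proxy access logs, browser history), so the header form is the safer of the two. The following is an added example, not DreamFactory code: it moves a session_token query parameter into the X-DreamFactory-Session-Token header before a request is sent, and redacts tokens from log lines already written. The function names and the sample log line are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode

TOKEN_PARAM = "session_token"                  # query parameter named on this page
TOKEN_HEADER = "X-DreamFactory-Session-Token"  # request header named on this page


def move_token_to_header(url, headers=None):
    """Return (clean_url, headers) with any session_token moved from the
    query string into the request header. Hypothetical helper."""
    headers = dict(headers or {})  # header names are matched exactly as spelled above
    parts = urlsplit(url)
    kept, tokens = [], set()
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == TOKEN_PARAM:
            tokens.add(value)
        else:
            kept.append((name, value))
    if len(tokens) > 1:
        # Two different tokens in one URL is ambiguous; refuse rather than guess.
        raise ValueError("conflicting session_token values in URL")
    if tokens:
        token = tokens.pop()
        if headers.get(TOKEN_HEADER, token) != token:
            raise ValueError("URL token differs from header token")
        headers[TOKEN_HEADER] = token
    # urlunsplit drops the '?' when no other parameters remain.
    return urlunsplit(parts._replace(query=urlencode(kept))), headers


# Matches the token value up to the next parameter, whitespace or quote.
_TOKEN_IN_URL = re.compile(r"([?&]session_token=)[^&\s\"']+")


def redact_token(log_line):
    """Replace a session_token value in a logged URL with a marker."""
    return _TOKEN_IN_URL.sub(r"\1[REDACTED]", log_line)


if __name__ == "__main__":
    # Constructed access-log line using the page's second example request.
    sample = ('203.0.113.7 - - [13/Jul/2018:18:16:00 +0000] "GET /api/v2/db/_table'
              '?limit=1&session_token=abc123efg HTTP/1.1" 200 512')
    print(move_token_to_header(
        "https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg"))
    print(redact_token(sample))
```
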