Access Using JWT

Line 1: Line 1:
DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. They will also require an API Key that tells the system what app the call is being made for. The system will use the API key to look up the role assigned to the user for that app, and limit access to what is allowed by that role.
+
For admin users only, DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. JWT from an admin user's session will allow full access to the system. Non-admin users cannot consume any protected APIs using just a JWT. They will also require an API key that allows the system to determine if they should have access to the requested resource.
  
 
Request:
 
Request:
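Review bot: the rewritten last sentence of the paragraph drops the explanation that the API key tells the system which app the call is for and that the role assigned to the user for that app limits access. The replacement, "allows the system to determine if they should have access to the requested resource", no longer says how that decision is made. Suggest keeping the role-lookup sentence from the old text. With "For admin users only" now at the start, the sentence "Non-admin users cannot consume any protected APIs using just a JWT" partly repeats it, so the two could be merged.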
Line 10: Line 10:
 
* Session token: abc.123.efg
 
* Session token: abc.123.efg
  
Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header.
+
<pre>GET https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg</pre>
 +
* HTTP method: GET
 +
* URL: https://foo.com/api/v2
 +
* Service: db
 +
* Resource: _table
 +
* Additional Parameter: limit
 +
* Session token: abc123efg
 +
 
 +
 
 +
'''Note:''' Session token can also be supplied using the X-DreamFactory-Session-Token request header.
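Review bot: the added example uses the token value abc123efg, while the unchanged bullet above it still shows abc.123.efg, so the page now has two different placeholder formats for the same thing. Suggest using the dotted form in both places. The new example also puts the session token in the URL query string, and the X-DreamFactory-Session-Token header is only mentioned in the trailing note. Since the paragraph above says an admin's JWT gives full access, and URLs are commonly recorded in server and proxy logs, suggest showing the header form as the primary example and the query parameter as the alternative.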

Latest revision as of 18:16, 13 July 2018

For admin users only, DreamFactory APIs can be consumed with just a JWT (token) from an authenticated session. A JWT from an admin user's session allows full access to the system. Non-admin users cannot consume any protected APIs using just a JWT; they also need an API key, which allows the system to determine whether they should have access to the requested resource.

Request:

GET https://foo.com/api/v2/system/user?session_token=abc.123.efg
GET https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg
  • HTTP method: GET
  • URL: https://foo.com/api/v2
  • Service: db
  • Resource: _table
  • Additional Parameter: limit
  • Session token: abc123efg


Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header.
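The following is an added example, not part of the DreamFactory wiki page: it takes a request URL of the form shown above, moves the `session_token` value into the `X-DreamFactory-Session-Token` header so the JWT does not travel in the URL, and redacts the parameter for logging. The function names are hypothetical, and the API key header name `X-DreamFactory-API-Key` is an assumption, since it does not appear on this page.

```python
import urllib.request
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

TOKEN_PARAM = "session_token"                  # query parameter shown on this page
TOKEN_HEADER = "X-DreamFactory-Session-Token"  # header named in the note above
API_KEY_HEADER = "X-DreamFactory-API-Key"      # assumption: not stated on this page


def move_token_to_header(url, api_key=None):
    """Return (clean_url, headers) with the session token removed from the query string."""
    parts = urlsplit(url)
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    tokens = [v for k, v in pairs if k == TOKEN_PARAM]
    if len(tokens) > 1:
        # Ambiguous input: refuse rather than guess which token is meant.
        raise ValueError("more than one session_token parameter in URL")
    kept = [(k, v) for k, v in pairs if k != TOKEN_PARAM]
    headers = {}
    if tokens:
        headers[TOKEN_HEADER] = tokens[0]
    if api_key is not None:
        # Non-admin callers need an API key in addition to the JWT.
        headers[API_KEY_HEADER] = api_key
    return urlunsplit(parts._replace(query=urlencode(kept))), headers


def build_request(url, api_key=None):
    """Build (but do not send) a GET request that carries the token in a header."""
    clean_url, headers = move_token_to_header(url, api_key)
    return urllib.request.Request(clean_url, headers=headers, method="GET")


def redact(url):
    """Replace the session_token value so the URL is safe to write to a log."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k == TOKEN_PARAM else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    # Constructed sample input: the second example URL from this page.
    sample = "https://foo.com/api/v2/db/_table?limit=1&session_token=abc123efg"
    req = build_request(sample)
    print(req.full_url, sorted(k for k, _ in req.header_items()))
    print(redact(sample))
```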