Access Using JWT and API Key
| (6 intermediate revisions by 2 users not shown) | |||
| Line 1: | Line 1: | ||
| − | + | For non-admin users, DreamFactory APIs should be consumed with a JWT (token) from an authenticated session and an application API key. The session token tells the system which user is making the request. The API key tells the system which app is making the request. Each user can be assigned their own role for each app. If no role is assigned, they inherit the default role for the app, as if it was an unauthenticated request. The system will use the session token and API key to determine the role for the current user (for the current app), and limit access to what is allowed by that role. If you get a 'Role not found.' error, make sure you are specifying an API key in addition to the session token. | |
| − | + | Request: | |
| − | + | ||
| − | + | ||
| − | == | + | <pre>GET https://foo.com/api/v2/db/_table?session_token=abc.123.efg&api_key=xyz123abc</pre> |
| + | * HTTP method: GET | ||
| + | * URL: https://foo.com/api/v2 | ||
| + | * Service: db | ||
| + | * Resource: _table | ||
| + | * Session token: abc.123.efg | ||
| + | * API key: xyz123abc | ||
| − | + | '''Note:''' Session token can also be supplied using the X-DreamFactory-Session-Token request header. API key can also be supplied using the X-DreamFactory-Api-Key request header. | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | X-DreamFactory-Session-Token | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
| − | X-DreamFactory-Api-Key | + | |
| − | + | ||
| − | + | ||
| − | + | ||
| − | + | ||
Latest revision as of 18:18, 13 July 2018
For non-admin users, DreamFactory APIs should be consumed with a JWT (token) from an authenticated session and an application API key. The session token tells the system which user is making the request. The API key tells the system which app is making the request. Each user can be assigned their own role for each app. If no role is assigned, they inherit the default role for the app, as if it was an unauthenticated request. The system will use the session token and API key to determine the role for the current user (for the current app), and limit access to what is allowed by that role. If you get a 'Role not found.' error, make sure you are specifying an API key in addition to the session token.
Request:
GET https://foo.com/api/v2/db/_table?session_token=abc.123.efg&api_key=xyz123abc
- HTTP method: GET
- URL: https://foo.com/api/v2
- Service: db
- Resource: _table
- Session token: abc.123.efg
- API key: xyz123abc
Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header. API key can also be supplied using the X-DreamFactory-Api-Key request header.
