Access Using JWT and API Key

From DreamFactory
Line 1: Line 1:
You can consume DreamFactory 2.0 APIs by providing the combination of JWT and API Key. This is more appropriate in case
+
For non-admin users, DreamFactory APIs should be consumed with a JWT (token) from an authenticated session and an application API key. The API Key tells the system what app the call is being made for. The system will use the API key to look up the role assigned to the user for that app, and limit access to what is allowed by that role.
of a non-admin user. When consuming APIs using JWT and application API Key, access is limited by the role assigned to the  
+
user for the application of the API Key being used. Admin users always have access to all APIs using just the JWT.  
+
  
=== API Endpoints ===
+
Request:
  
<pre>{Method} https://{url}/api/v2/{service}/{resource}?session_token={JWT}&api_key={api-key}</pre>
+
<pre>GET https://foo.com/api/v2/db/_table?session_token=abc.123.efg&api_key=xyz123abc</pre>
 +
* HTTP method: GET
 +
* URL: https://foo.com/api/v2
 +
* Service: db
 +
* Resource: _table
 +
* Session token: abc.123.efg
 +
* API key: xyz123abc
  
-- OR --
+
Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header. API key can also be supplied using the X-DreamFactory-Api-Key request header.
 
+
<pre>{Method} https://{url}/api/v2/{service}/{resource}</pre>
+
Request header
+
<pre>
+
...
+
X-DreamFactory-Session-Token: {JWT}
+
X-DreamFactory-Api-Key: {api_key}
+
...
+
</pre>
+
 
+
=== Example - Using URL parameter ===
+
 
+
* Service: system
+
* Resource: user
+
* Session Token: abc.123.efg
+
* API Key: abc123efg
+
* Method: GET
+
* Request URL:
+
<pre>GET https://foo.com/api/v2/system/user?session_token=abc.123.efg&api_key=abc123efg</pre>
+
 
+
=== Example - Using request header ===
+
 
+
* Service: system
+
* Resource: user
+
* Session Token: abc.123.efg
+
* API Key: abc123efg
+
* Method: GET
+
* Request Header:
+
<pre>
+
...
+
X-DreamFactory-Session-Token: abc.123.efg
+
X-DreamFactory-Api-Key: abc123efg
+
...
+
</pre>
+
* Request URL:
+
<pre>GET https://foo.com/api/v2/system/user</pre>
+
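Review bot: The first Request example carries both credentials in the query string (?session_token=abc.123.efg&api_key=xyz123abc), while the X-DreamFactory-Session-Token and X-DreamFactory-Api-Key headers are mentioned only in a Note after it. Query strings are routinely written to web server and proxy access logs, browser history and Referer headers, so a JWT placed there is easy to expose. Suggest leading with the header form and presenting the URL-parameter form as the alternative, with a sentence on why headers are preferred.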

Revision as of 19:30, 30 June 2016

For non-admin users, DreamFactory APIs should be consumed with a JWT (token) from an authenticated session and an application API key. The API Key tells the system what app the call is being made for. The system will use the API key to look up the role assigned to the user for that app, and limit access to what is allowed by that role.

Request:

GET https://foo.com/api/v2/db/_table?session_token=abc.123.efg&api_key=xyz123abc
  • HTTP method: GET
  • URL: https://foo.com/api/v2
  • Service: db
  • Resource: _table
  • Session token: abc.123.efg
  • API key: xyz123abc

Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header. API key can also be supplied using the X-DreamFactory-Api-Key request header.
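
The Note above, as an added example (not part of the DreamFactory wiki or its code): a small Python client helper that lifts session_token and api_key out of a URL and into the two request headers, and masks them before a URL is logged. The host, token and key are the page's placeholder values; the function names are hypothetical.

```python
# Added example. Parameter and header names come from the page; function
# names are hypothetical. Nothing is sent over the network.
from urllib.parse import urlsplit, urlunsplit, parse_qsl, urlencode
from urllib.request import Request

# Query parameter -> equivalent request header, as listed in the Note.
CREDENTIAL_HEADERS = {
    "session_token": "X-DreamFactory-Session-Token",
    "api_key": "X-DreamFactory-Api-Key",
}


def move_credentials_to_headers(url):
    """Return (clean_url, headers) with credentials removed from the query."""
    parts = urlsplit(url)
    headers, remaining = {}, []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        header = CREDENTIAL_HEADERS.get(name)
        if header:
            headers[header] = value
        else:
            remaining.append((name, value))  # keep non-credential parameters
    return urlunsplit(parts._replace(query=urlencode(remaining))), headers


def build_request(url, method="GET"):
    """Build (but do not send) a Request that carries credentials in headers."""
    clean_url, headers = move_credentials_to_headers(url)
    missing = set(CREDENTIAL_HEADERS.values()) - set(headers)
    if missing:
        raise ValueError("missing credentials: " + ", ".join(sorted(missing)))
    # urllib normalises header capitalisation; HTTP header names are case-insensitive.
    return Request(clean_url, headers=headers, method=method)


def redact_for_log(url):
    """Mask credential values so the URL can be written to a log."""
    parts = urlsplit(url)
    pairs = [(n, "REDACTED" if n in CREDENTIAL_HEADERS else v)
             for n, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


if __name__ == "__main__":
    page_url = ("https://foo.com/api/v2/db/_table"
                "?session_token=abc.123.efg&api_key=xyz123abc")
    req = build_request(page_url)
    print(req.get_method(), req.full_url, req.header_items())
    print(redact_for_log(page_url))
```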