Access Using JWT and API Key

From DreamFactory
Jump to: navigation, search
DreamFactoryTutorialsAccess Using JWT and API Key

For non-admin users, DreamFactory APIs should be consumed with a JWT (token) from an authenticated session and an application API key. The API Key tells the system what app the call is being made for. The system will use the API key to look up the role assigned to the user for that app, and limit access to what is allowed by that role. If no role is explicitly assigned to the user for that app it will use the default role for that app, as if the user were not authenticated. If you get a 'Role not found.' error make sure you are specifying an API key in addition to the session token.

Request: 

GET https://foo.com/api/v2/db/_table?session_token=abc.123.efg&api_key=xyz123abc
  • HTTP method: GET
  • URL: https://foo.com/api/v2
  • Service: db
  • Resource: _table
  • Session token: abc.123.efg
  • API key: xyz123abc

Note: Session token can also be supplied using the X-DreamFactory-Session-Token request header. API key can also be supplied using the X-DreamFactory-Api-Key request header.

Retrieved from "https://wiki.dreamfactory.com/index.php?title=DreamFactory/Tutorials/Access_Using_JWT_and_API_Key&oldid=32534"