Skip to content

Authorization

Marek Tomczewski edited this page Apr 8, 2015 · 6 revisions

This API handles authorization

Get user JWT token

Param Type Description Value
Content-Type HTTP Header content type Content-type: application/json
Request
POST /v1/api/auth/token
{
    "username": "test@example.com",
    "password": "Passw0rd"
}

Response 200 OK (application/json)
{
    "token": "eyJ0eXAi..."
}
  • Notes: This call also refreshes the token.

Token expiration:

User JWT token is valid for 24h and contains user access information. On access change, token should be refreshed, to use new privileges. Example situation that require token refresh:

  • User creates new account - to use new account, token must be refreshed
  • User has been invited to new account - to have access to this account, token should be refreshed
  • User account role has been updated, for instance admin privileges were granted - to use new level of access, token must be refreshed

Get user JWT token information

Param Type Description Value
Authorization HTTP Header Access Token Authorization: Bearer eyJ0eXAi....
Request
GET/v1/api/auth/tokenInfo

Response 200 OK (application/json)
{
    "header": {
        "typ": "JWT",
        "alg": "RS256"
    },
    "payload": {
        "jti": "7b1430a2-dd61-4a47-919c-495cadb1ea7b",
        "iss": "http://enableiot.com",
        "sub": "53fdff4418b547e4241b8358",
        "exp": "2014-10-02T07:53:25.361Z"
    }
}

Get user information

Param Type Description Value
Authorization HTTP Header Access Token Authorization: Bearer eyJ0eXAi....
Request
GET/v1/api/auth/me

Response 200 OK (application/json)
{
    "id": "5524fb12b57077f3012323c2",
    "created": 1428487559131,
    "email": "test@example.com",
    "termsAndConditions": true,
    "updated": 1428487559131,
    "verified": true
}

You can’t perform that action at this time.