Differences

This shows you the differences between two versions of the page.

--- protogrid:json_api_authentication [2022-02-21 23:05] – [JSON API Authentication] dru
+++ protogrid:json_api_authentication [2022-02-22 23:09] – [/api/v2/authenticate] dru
@@ Line 1: / Line 1: @@
 ====== JSON API Authentication ======
+All HTTP requests to the Protogrid JSON API require a valid authentication. If the authentication fails an HTTP error 403 will be returned.
-All HTTP requests to the Protogrid JSON API require a valid authentication. If the authentication fails, an HTTP error 403 will be returned. Currently, the following variants are available for authentication:
+The following variants are available for authentication in all JSON API endpoints:
-  * [[https://en.wikipedia.org/wiki/Basic_access_authentication|HTTP Basic authentication (BA)]].
+  * Header authentication using the HTTP headers 'username' and 'password'.
-  * Header Authentication using the HTTP headers 'username' and 'password'.
+  * [[https://en.wikipedia.org/wiki/Basic_access_authentication|HTTP basic authentication (BA)]]
-  * Cookie Authentication using the session cookie returned after a successfull authentication with one of the upper two variants.
+  * Cookie authentication (a valid session cookie is part of the response of each successful authenticated JSON API request).
-Note: Both the email address (e.g. "user@example.com") and the user ID (e.g. "1957f847-f298-4f14-a031-7ffbe31aeb47") can be used for " username".
+Note: Both the email address (e.g. "testuser@example.com") and the user ID (e.g. "1957f847-f298-4f14-a031-7ffbe31aeb47") can be used for "username".
-==== How to authenticate ====
-A POST http request to the API endpoint “/api/v2/authenticate” does log in the user and the response contains the set-cookie header with the generated cookie.
+===== /api/v2/authenticate =====
-HTTP header fields:
+[POST] In order to obtain a session cookie you can use the authentication endpoint.
-| <user_id> [required]: | The user_id corresponds to the username or e-mail address of the user. |
-| ::: |Either <user_email> or <user_id> have to be specified.|
+Note: For this endpoint, in addition to the three variants above, the credentials can also be passed as "application/json" in the request body:
-| <user_email> [required]: |The user_email corresponds to the e-mail address of the user. |
+<code javascript>
-| ::: |Either <user_email> or <user_id> have to be specified.|
-|<user_secret> [required]: |The user_secret corresponds to the password of the user.|
-=== Examples ===
-== Request HTTP ==
-Example request:
-<code>
-https://example.protogrid.com/api/v2/authenticate
-</code>
-Request header:
-<code json>
 {
-  POST /api/v2/authenticate
+  "username": "testuser@example.com",
-  Host: your_environment.protogrid.com
+  "password": "test_password"
-  user_id: example_user
-  user_secret: example_secret
 }
 </code>
-== Request jQuery ==
-Example in jQuery:
-<code jquery>
+===== Examples obtaining a session cookie using the authentication endpoint with header authentication =====
+==== HTTP ====
+<code>
+POST /api/v2/authenticate
+Host: example.protogrid.com
+username: testuser@example.com
+password: test_password
+</code>
+==== jQuery ====
+<code javascript>
 $.ajax({
   type:'POST',
@@ Line 41: / Line 38: @@
   dataType: 'json',
   beforeSend: function(xhr){
-      xhr.setRequestHeader('user_id','tester@test.com');
+      xhr.setRequestHeader('username','testuser@example.com');
-      xhr.setRequestHeader('user_secret','test_password');
+      xhr.setRequestHeader('password','test_password');
   }
 });
 </code>
-== Request Python ==
+==== Python ====
-Example in Python (with requests):
 <code python>
+import requests
 url = "https://example.protogrid.com/api/v2/authenticate"
-headers = dict(user_id="test_user@testdomain.com", user_secret="test_password")
+headers = dict(username="testuser@example.com", password="test_password")
 req = requests.post(url, headers=headers)
 response = req.text
@@ Line 58: / Line 55: @@
 </code>
-== Request Axios ==
+==== Axios ====
-Example with Axios
 <code javascript>
 const axios = require('axios');
@@ Line 65: / Line 61: @@
   headers: {
     'Content-Type': 'application/json; charset=utf-8',
-    'user_email': 'test_user@testdomain.com',
+    'username': 'testuser@example.com',
-    'user_secret': 'test_password'
+    'password': 'test_password'
   }
 })
 .then((result) => {
-  console.log('Outer Success.');
+  console.log('Authentication Success.');
   var cookies_from_resp = res.headers['set-cookie'];
   var cookie_for_session = cookies_from_resp[0].split(';').[0];
@@ Line 77: / Line 73: @@
 })
 .catch((error) => {
-  console.error('Outer Error: ' + error);
+  console.error('Authentication Error: ' + error);
 });
 </code>
-== Success Response ==
+==== Success Response ====
 Example response of successful authentication:
-<code json>
+<code javascript>
 {
   "errors": [],
-  "protogrid_environment_version": "1.3.9",
+  "protogrid_environment_version": "2.3.0",
   "result": "Login successful!"
 }
 </code>
-== Unsuccessful Response ==
+==== Error Response ====
 Example response of unsuccessful authentication:
 <code javascript>
 {
-  “errors”: [
+  "errors": [
     {
-      “code”: 401,
+      "code": 403,
-      “message”: “Your login wasn’t recognized. Please check your e-mail
+      "message": "Your login wasn’t recognized."
-      address and password.”
     }
   ],
-  "protogrid_environment_version": "1.3.9",
+  "protogrid_environment_version": "2.3.0",
-  “result”: {}
+  "result": {}
 }
 </code>
-==== How to send authenticated http requests ====
+===== Examples using a previously obtained session cookie =====
-Each request to any API endpoint has to be authenticated using the cookie returned by the /api/v2/authenticate API endpoint.
-=== Examples ===
+==== HTTP ====
-== ajax ==
+<code>
-Example ajax request:
+GET /api/v2/apps
-Note that when jQuery runs in a browser, that the cookie is passed automatically with the request.
+Host: example.protogrid.com
-<code jquery>
+Cookie: session=.eJyNsjcfzO7DzDBQxq3cxhPBl1JzwkL4AnjUOkhrJWjN0bOGXd9dpeWmO-337efwDyf4bLA.YhNvyQ.PZSBKOhy94xZ8yLq-e0HwIqo
-$jq.ajax({
+</code>
+==== jQuery ====
+<code javascript>
+$.ajax({
   type: 'GET',
   url: 'https://example.protogrid.com/api/v2/apps',
@@ Line 121: / Line 119: @@
   dataType: 'json',
   success: function(data) {
-          console.log(data);
+    console.log(data);
   },
-  error: function(data) { console.log(data); }
+  error: function(data) {
+    console.log(data);
+  }
 });
 </code>
-Note: Some browsers handle cookies differently. For more information, see the browser specific documentation.
+Most browsers automatically save received cookies and then automatically attach them to subsequent requests.
+In particular, this means that you usually don't need to worry about authentication if you use JSON API requests in [[protogrid:script_library|Client Script Libraries]].
-== Example Python ==
+==== Python ====
-Example Python request:
 <code python>
-# The cookie variable was set above in the authenticate example.
+# The cookie variable was set above in the authentication example.
 url = "https://example.protogrid.com/api/v2/apps"
 req = requests.get(url, cookies=cookie)
@@ Line 137: / Line 138: @@
 response = json.loads(response)
 </code>
-Note: For more information about the requests, please refer to http://docs.python-requests.org/en/master/
+For more information about the requests library, please refer to [[http://docs.python-requests.org/en/master/|the official documentation]].
-== Example Axios ==
+==== Axios ====
-Example request with Axios:
 <code javascript>
 axios.get('https://example.protogrid.com/api/v2/apps', {
@@ Line 149: / Line 149: @@
 })
 .then((result) => {
-  console.log('Inner Success.');
+  console.log('Success');
   console.log(result.data);
 })
 .catch((error) => {
-  console.log('Inner Error: ' + error);
+  console.log('Error');
+  console.log(error);
 });
 </code>

Trace:

Search

Differences

Print/export

Tools