Our API supports user accounts, with each user able to manage their own account resources. Authentication is token-based: we use JWT (JSON Web Tokens), the well-known standard here.
The authentication controller exposes an /api/authentications/signin endpoint that accepts user credentials and returns a JSON response with the result.
Let’s do some manual testing for a better understanding. For this we recommend httpie, a command-line HTTP client with an intuitive UI and built-in JSON support.
We are going to sign in an existing user (use your own credentials instead) and take the authorization token from the response for all future API calls.
Please note the authorization token is valid for 24 hours only. Once it has expired you must obtain a new one by repeating the user authentication.
# Sign in a user - get authorization token from here
$ http POST https://secure.yardman.io/api/authentications/signin email=john@example.com password=mYsEcReT
If your credentials are fine you should get something similar to the following result:
HTTP/1.1 200 OK
Cache-Control: max-age=0, private, must-revalidate
Connection: keep-alive
Content-Type: application/json; charset=utf-8
Date: Wed, 21 Mar 2018 06:59:18 GMT
ETag: W/"8dabdefd5109439190062f071a9d47f8"
Server: nginx/1.10.3 (Ubuntu)
Strict-Transport-Security: max-age=31536000; includeSubdomains; preload
Transfer-Encoding: chunked
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Request-Id: f4cc1849-3bab-4717-8e64-9d804d3cac9e
X-Runtime: 0.220139
X-XSS-Protection: 1; mode=block
{
    "auth_token": "eyJhbGciOiJIUzI1NiJ9.eyJ1c2VyX2lkIjoyOCwiZXhwIjoxNTIxNzAxOTU4fQ.u79fDhIk9F3SM3NALFFGQrCjJNgDPz_Gk2f4ocafjSo"
}
The auth_token value is your unique authorization token to be used in subsequent API calls.
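The token above is an HS256 JWT whose payload carries a user_id and an exp claim (the exp in the sample is exactly 24 hours after the response's Date header). The following is an added example, not code from the API or its documentation, showing both sides of that 24-hour rule: a client reads exp (without trusting it) to know when it must sign in again, and a verifier accepts a token only if its HMAC-SHA256 signature matches and exp is still in the future. The signing key EXAMPLE_SECRET is a constructed placeholder; the service's real key is not known here, so the page's own token is used only to demonstrate claim reading, and any token we verify is one we mint ourselves.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed placeholder key for this example only; it is NOT the service's signing key.
EXAMPLE_SECRET = b"example-signing-key-not-the-real-one"
TOKEN_LIFETIME_SECONDS = 24 * 60 * 60  # the API documents a 24-hour token validity

# The auth_token from the sample sign-in response (signed with the service's key, not ours).
PAGE_TOKEN = (
    "eyJhbGciOiJIUzI1NiJ9."
    "eyJ1c2VyX2lkIjoyOCwiZXhwIjoxNTIxNzAxOTU4fQ."
    "u79fDhIk9F3SM3NALFFGQrCjJNgDPz_Gk2f4ocafjSo"
)


def _b64url_encode(raw: bytes) -> str:
    """JWT segments are base64url without '=' padding."""
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    """Restore the padding JWT strips before decoding."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: int, issued_at: int, secret: bytes = EXAMPLE_SECRET) -> str:
    """Mint an HS256 JWT with the same header and claim shape as the page's token."""
    header = {"alg": "HS256"}
    payload = {"user_id": user_id, "exp": issued_at + TOKEN_LIFETIME_SECONDS}
    segments = [_b64url_encode(json.dumps(p, separators=(",", ":")).encode()) for p in (header, payload)]
    signing_input = ".".join(segments)
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(signature)


def read_claims(token: str) -> dict:
    """Client side: read the payload WITHOUT trusting it, only to schedule re-authentication."""
    _header, payload_b64, _sig = token.split(".")
    return json.loads(_b64url_decode(payload_b64))


def seconds_until_expiry(token: str, now: int) -> int:
    """Positive while the client may keep using the token; <= 0 means sign in again."""
    return read_claims(token)["exp"] - now


def verify_token(token: str, secret: bytes, now: int) -> Optional[dict]:
    """Server side: return the claims only if the signature is valid and exp is in the future."""
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        presented_sig = _b64url_decode(sig_b64)
    except (ValueError, json.JSONDecodeError):
        return None
    if header.get("alg") != "HS256":
        return None  # refuse "none" or any algorithm other than the one we issue
    expected_sig = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, presented_sig):
        return None  # signature check happens before any claim is trusted
    claims = json.loads(_b64url_decode(payload_b64))
    if claims.get("exp", 0) <= now:
        return None  # expired: the client has to repeat the sign-in
    return claims


if __name__ == "__main__":
    signed_in_at = 1521615558  # Wed, 21 Mar 2018 06:59:18 GMT, the sample response's Date header
    print("page token claims:", read_claims(PAGE_TOKEN))
    print("seconds left at sign-in:", seconds_until_expiry(PAGE_TOKEN, signed_in_at))
    own = issue_token(28, signed_in_at)
    print("fresh token accepted:", verify_token(own, EXAMPLE_SECRET, signed_in_at + 60) is not None)
    print("token after 24h accepted:", verify_token(own, EXAMPLE_SECRET, signed_in_at + 86400) is not None)
```

Running the block decodes the sample token's claims (user_id 28, exp 1521701958, i.e. 86400 seconds after the sign-in time), mints a token with identical header and payload segments under the placeholder key, and shows that the verifier rejects it once the 24-hour window has passed.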