Authentication (2.0 API)

Concepts

The 2.0 REST API introduces authentication using short-living JWT tokens:

  1. Use your account credentials to get a short-lived token (~1hr)
  2. Perform REST API actions by providing your token as an HTTP header
  3. Periodically refresh your token by exchanging your token for a fresher one, or generating a new one from scratch
  4. Valid tokens can only be exchanged for new onews up to 24 hours: Your application must re-login daily with full credentials

Several convenience methods and language-specific client libraries makes JWT auth even easier to use.

JWT tokens delegate to their holders the full power of an account without exposing passwords. Graphistry does not currently provide token recovation nor fine-grained capability/RBAC for API calls. We therefore recommend creating one or more service accounts, one per independent application.

Authentication

Route Method Headers Parameters Return
api-token-auth/ POST Content-Type: application/json username, password
{"token": str}
Input:

curl -s -X POST \
  -H "Content-Type: application/json" \
  -d '{"username":"my_user","password":"my_pwd"}' \
  http://localhost/api-token-auth/
Output:
{"token": "my_generated_token"}
api-token-refresh/ POST Content-Type: application/json username, password
{"token": str}
Input:

curl -s -X POST \
  -H "Content-Type: application/json" \
  -d '{"token":"MY_TOKEN"}' \
  http://localhost/api-token-refresh/
Output:
{"token": "my_generated_token"}
api-token-verify/ POST Content-Type: application/json username, password
{"token": str}
Input:

curl -s -X POST \
  -H "Content-Type: application/json" \
  -d '{"token":"MY_TOKEN"}' \
  http://localhost/api-token-verify/
Output: 200 HTTP status code