Authentication
API authorization is based on JSON Web Tokens (JWT). The authentication endpoint returns both an access token and a refresh token. Each subsequent request must include the access token, which grants access to the resources permitted for that token.
When the access token expires, the API responds to the caller with a 401
status. At that point, the caller can either obtain a new access token using
the refresh token or authenticate again to get a new access and refresh token.
Endpoints
Authenticate
POST /api-token/ — authenticate and get new tokens
Parameters
Body:
- Type: object
- Required
- Content type: application/json
Model:
{
  "email": "string",
  "password": "string"
}
Example:
{
  "email": "superdooper@user.com",
  "password": "supersecretpassword"
}
Responses
| Code | Body |
|---|---|
| 201 | `{"access": "xxxxx.yyyyy.zzzzz", "refresh": "uuuuu.vvvvv.ttttt"}` |
| 401 | `{"detail":"No active account found with the given credentials"}` |
Refresh token
POST /token/refresh/ — refresh and get new tokens
Parameters
Body:
- Type: object
- Required
- Content type: application/json
Model:
{ "refresh": "string" }
Example:
{ "refresh": "uuuuu.vvvvv.ttttt" }
Responses
| Code | Body |
|---|---|
| 201 | `{"access": "xxxxx.yyyyy.zzzzz", "refresh": "uuuuu.vvvvv.ttttt"}` |
| 401 | `{"detail":"Token is blacklisted"}` |
Examples
curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"email": "superdooper@user.com", "password": "supersecretpassword"}' \
  'https://api.biolanglobal.com/biolan/data/api/api-token/'
The response will be something like:
{
  "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}
Every call to any other endpoint must then send the access token:
curl 'https://api.biolanglobal.com/biolan/data/api/example/endpoint' \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
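The token lifecycle described above (authenticate, send the access token, renew on a 401), as an added Python example that is not part of the original documentation. `TokenClient` and `http_json` are hypothetical helper names, and placing `/token/refresh/` under the same path prefix as `/api-token/` is an assumption.

```python
import json
import urllib.error
import urllib.request

BASE = "https://api.biolanglobal.com/biolan/data/api"  # prefix from the curl examples

def http_json(method, url, body=None, headers=None):  # default transport
    if not url.startswith("https://"):
        raise ValueError("refusing to send credentials or tokens over non-HTTPS")
    data = None if body is None else json.dumps(body).encode()
    hdrs = {"Content-Type": "application/json", **(headers or {})}
    req = urllib.request.Request(url, data=data, method=method, headers=hdrs)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"null")
    except urllib.error.HTTPError as err:  # 4xx/5xx responses still carry a body
        return err.code, json.loads(err.read() or b"null")

class TokenClient:  # hypothetical helper, not part of the API
    def __init__(self, email, password, send=http_json):
        self._creds = {"email": email, "password": password}
        self._send = send
        self.access = self.refresh = None

    def _store(self, status, body):
        if status != 201:  # 201 is the documented success code for both endpoints
            return False
        # Keep both values: the refresh response returns a new refresh token too.
        self.access, self.refresh = body["access"], body["refresh"]
        return True

    def login(self):
        if not self._store(*self._send("POST", BASE + "/api-token/", self._creds)):
            raise PermissionError("authentication failed")

    def renew(self):
        """Try the refresh token first; if it is rejected (e.g. blacklisted), log in again."""
        url = BASE + "/token/refresh/"  # assumption: same prefix as /api-token/
        if not (self.refresh and self._store(*self._send("POST", url, {"refresh": self.refresh}))):
            self.login()

    def get(self, path):
        if self.access is None:
            self.login()
        for attempt in range(2):  # at most one renewal per call, never a retry loop
            auth = {"Authorization": "Bearer " + self.access}
            status, body = self._send("GET", BASE + path, headers=auth)
            if status != 401 or attempt == 1:
                return status, body
            self.renew()
```

Passing a different `send` callable lets the same logic run against a stub server in tests, so real credentials never leave the test machine.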
Important
Every request must use https://api.biolanglobal.com as the base URL.