
Authentication

API authorization is based on JSON Web Tokens (JWT). The authentication endpoint returns both an access token and a refresh token. Each subsequent request must include the access token, which gives the user access to the resources permitted for that token.

When the access token expires, the API responds to the caller with a 401 status. At that point, we can either obtain a new access token using the refresh token, or authenticate again to get a new access and refresh token.

Endpoints

Authenticate

POST /api-token/ — authenticate and get new tokens

Parameters

Body:

  • Type: object
  • Required
  • Content type: application/json

Model:

{
  "email": "string",
  "password": "string"
}

Example:

{
  "email": "superdooper@user.com",
  "password": "supersecretpassword"
}

Responses

Code   Body
201    {"access": "xxxxx.yyyyy.zzzzz", "refresh": "uuuuu.vvvvv.ttttt"}
401    {"detail":"No active account found with the given credentials"}

Refresh token

POST /token/refresh/ — refresh and get new tokens

Parameters

Body:

  • Type: object
  • Required
  • Content type: application/json

Model:

{ "refresh": "string" }

Example:

{ "refresh": "uuuuu.vvvvv.ttttt" }

Responses

Code   Body
201    {"access": "xxxxx.yyyyy.zzzzz", "refresh": "uuuuu.vvvvv.ttttt"}
401    {"detail":"Token is blacklisted"}

Examples

curl -X POST \
  -H "Content-Type: application/json" \
  -d '{"email": "superdooper@user.com", "password": "supersecretpassword"}' \
  'https://api.biolanglobal.com/biolan/data/api/api-token/'

The response will be something like:

{
  "access": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...",
  "refresh": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."
}

After that, every call to any other endpoint must send the access token in the Authorization header as a Bearer token:

curl 'https://api.biolanglobal.com/biolan/data/api/example/endpoint' \
  -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9..."

Important

Every request must use https://api.biolanglobal.com as the base URL.
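
The 401 handling described under Authentication, as an added Python example (not part of the API's own documentation or client code): on a 401 it tries the refresh token once, falls back to a full login if the refresh is rejected, and retries the request a single time. The names `https_send`, `TokenClient`, `AuthError` and the `send` hook are hypothetical, and `base_url` is assumed to be the prefix under which both endpoint paths listed above are served.

```python
import json, urllib.error, urllib.request

def https_send(base_url):
    """Hypothetical transport: returns send(method, path, headers, body) -> (status, dict)."""
    if not base_url.startswith("https://"):
        raise ValueError("credentials and tokens must only travel over HTTPS")
    def send(method, path, headers, body):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method,
                                     headers={"Content-Type": "application/json", **headers})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:  # the page's 401 responses carry a JSON body
            return err.code, json.loads(err.read() or b"{}")
    return send

class AuthError(Exception):
    """Raised when the API rejects the e-mail/password pair."""

class TokenClient:
    def __init__(self, send, email, password):
        self._send, self._email, self._password = send, email, password
        self._access = self._refresh = None

    def _login(self):
        status, body = self._send("POST", "/api-token/", {},
                                  {"email": self._email, "password": self._password})
        if status != 201:
            raise AuthError(body.get("detail", "authentication failed"))
        self._access, self._refresh = body["access"], body["refresh"]

    def _renew(self):
        if self._refresh:  # cheap path first: trade the refresh token for a new pair
            status, body = self._send("POST", "/token/refresh/", {}, {"refresh": self._refresh})
            if status == 201:  # keep BOTH tokens; the old refresh token may now be blacklisted
                self._access, self._refresh = body["access"], body["refresh"]
                return
        self._login()  # refresh rejected (e.g. blacklisted): authenticate again

    def request(self, method, path, body=None):
        if self._access is None:
            self._login()
        for attempt in range(2):  # at most one retry, so a persistent 401 cannot loop
            headers = {"Authorization": "Bearer " + self._access}
            status, data = self._send(method, path, headers, body)
            if status != 401 or attempt == 1:
                return status, data
            self._renew()
```

Keep the token pair in memory only where possible, and keep the Authorization header and request bodies for the two token endpoints out of application logs.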