Authentication & Authorization
This page describes how to set up a token to authorize API consumers.
Introduction
To consume APIs, a user has to set up consumers. Consumers authenticate with APIs via JWT tokens.
A user can only configure consumers for APIs which are part of their allowed access.
Example
The following showcase walks through an example: the user Jane Flour creates a token to consume the Flights API.
Generate a token
In the API Portal, select Settings.
In the settings overview, select Create token.
Create a token and select Create.
Copy the token, save it in a secure place and select OK, got it.
Select Authorize in the Swagger UI of the Flights API.
Fill in the token as Bearer and select Authorize.
Select Close.
Requests
After you have successfully created a token and authorized with an API, you can send some test requests.
Replace $GATEWAY-URL with the URL of your API Gateway and XXXX with your token.
Swagger UI
Curl
curl -X 'GET' \
  'https://$GATEWAY-URL/flights/flights' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer XXXX'

[
  {
    "id": 1,
    "code": "TL123",
    "src": "JFK",
    "dest": "CDG"
  },
  {
    "id": 2,
    "code": "TL234",
    "src": "CDG",
    "dest": "JFK"
  },
  {
    "id": 3,
    "code": "TL345",
    "src": "CDG",
    "dest": "LYS"
  }
]
HTTPie
http -v "https://$GATEWAY-URL/flights/flights" 'Authorization: Bearer XXXX'

GET /flights/flights HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
Authorization: Bearer XXXX
Connection: keep-alive
Host: $GATEWAY-URL
User-Agent: HTTPie/3.2.1

HTTP/1.1 200 OK
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Content-Length: 239
Content-Type: application/json; charset=utf-8
Date: Fri, 21 Apr 2023 08:43:33 GMT
Etag: W/"ef-Hsd/htgo9Hp8GcUuP3WmPc86rsE"
Expires: -1
Pragma: no-cache
Vary: Origin, Accept-Encoding
X-Content-Type-Options: nosniff
X-Powered-By: Express

[
  {
    "code": "TL123",
    "dest": "CDG",
    "id": 1,
    "src": "JFK"
  },
  {
    "code": "TL234",
    "dest": "JFK",
    "id": 2,
    "src": "CDG"
  },
  {
    "code": "TL345",
    "dest": "LYS",
    "id": 3,
    "src": "CDG"
  }
]
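The same request from a script, as an added example that is not part of the original page: it loads the token from an owner-only file rather than typing it on the command line, inspects the JWT's expiry before use, and refuses non-HTTPS gateways. That the portal's tokens carry an `exp` claim is an assumption; the `gateway.example` host and the sample token are constructed placeholders.

```python
import base64, json, os, stat, time, urllib.request

def read_token(path):
    """Load the token from a file that only its owner can access."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:  # any group/other permission bit set
        raise PermissionError(f"{path} has mode {mode:03o}; restrict it to 600")
    with open(path, encoding="ascii") as fh:
        return fh.read().strip()

def jwt_claims(token):
    """Decode the payload for inspection; this does NOT verify the signature."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def seconds_left(token, now=None):
    """Seconds until the 'exp' claim (assumed present), or None if it is absent."""
    exp = jwt_claims(token).get("exp")
    if exp is None:
        return None
    return int(exp - (time.time() if now is None else now))

def build_request(gateway_url, token):
    """Build the GET /flights/flights request shown on this page."""
    if not gateway_url.startswith("https://"):
        raise ValueError("refusing to send a bearer token over a non-HTTPS URL")
    left = seconds_left(token)
    if left is not None and left <= 0:
        raise ValueError("token has expired; create a new one in the API Portal")
    return urllib.request.Request(
        gateway_url.rstrip("/") + "/flights/flights",
        headers={"Accept": "application/json", "Authorization": "Bearer " + token},
    )

def constructed_token(claims):
    """Constructed sample JWT with a dummy signature, for offline use only."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc(claims), "c2ln"])

if __name__ == "__main__":
    demo = constructed_token({"sub": "jane.flour", "exp": int(time.time()) + 3600})
    req = build_request("https://gateway.example", demo)  # placeholder host
    print(req.full_url, "expires in", seconds_left(demo), "s")
    # With a real token and gateway: urllib.request.urlopen(req, timeout=10)
```

Decoding the payload here is only a local convenience check; the gateway remains the party that validates the token's signature.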
What's next
- Learn more about API user management