API authentication

The Wenenu REST API uses the HTTP protocol. Requests must be made over a secure connection (HTTPS). Authentication is done by providing a JSON Web Token (JWT) as an HTTP header with every request. To obtain a JWT token, users need to create an API user. The id and the secret of the API user are then used to get a JWT token.

The JWT token has an expiration time. It can be used for any number of requests before it expires. After the expiration time, users need to get a fresh JWT token for the subsequent requests. The token contains the roles the API user had when the token was generated. The JWT token must be sent with every API request as the Authorization header.

Authorization: Bearer {JWT_TOKEN}

Authentication flow

Figure 1. Wenenu API authentication flow

Obtaining a JWT token

POST /auth/token

Request Body

Name        Type    Required  Description
grant_type  string  True      Grant type, must be api
username    string  True      Version 4 UUID of the API user
password    string  True      Secret of the API user

Responses

Name    Type          Description
200 OK  AuthResponse  Authentication object containing the JWT token

Consumes

  • application/json

Produces

  • application/json

Sample request

POST https://wenenu.com/auth/token HTTP/1.1
Content-type: application/json

Request body:

{
  "grant_type": "api",
  "username": "1885092a-8d05-4749-9dd4-f29be8e6d7a7",
  "password": "4))mfY[N6po@QFDJi$ZcsfA+RnHH_)Fl"
}

Sample Response

Status code: 200

{
  "access_token": "JWT_TOKEN",
  "expires": 1619444276
}

Definitions

AuthResponse

Name          Type    Description
access_token  string  JWT access token
expires       long    UNIX timestamp of the token expiration time
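
A client-side sketch of the authentication flow described above, added here as an example and not part of the Wenenu documentation or any Wenenu SDK: it requests a token from POST /auth/token, reuses it until shortly before expires, and builds the Authorization header. The names fetch_token and TokenCache, the 30-second refresh margin, and the reading of expires as seconds are assumptions.

```python
import json
import time
import urllib.request

TOKEN_URL = "https://wenenu.com/auth/token"  # endpoint from the sample request


def fetch_token(api_user_id, secret, url=TOKEN_URL):
    """POST the API user's id and secret; return the parsed AuthResponse."""
    if not url.lower().startswith("https://"):
        raise ValueError("credentials may only be sent over HTTPS")
    body = json.dumps({"grant_type": "api", "username": api_user_id,
                       "password": secret}).encode()
    req = urllib.request.Request(url, data=body, method="POST",
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenCache:
    """Reuses one JWT until shortly before `expires`, then fetches a fresh one."""

    def __init__(self, api_user_id, secret, fetch=fetch_token,
                 clock=time.time, skew=30):
        self._id, self._secret = api_user_id, secret
        self._fetch, self._clock, self._skew = fetch, clock, skew
        self._token, self._expires = None, 0

    def token(self):
        # Refresh `skew` seconds early (assumed margin) so a request in flight
        # is not rejected because the token expired on the way.
        if self._token is None or self._clock() >= self._expires - self._skew:
            auth = self._fetch(self._id, self._secret)
            token, expires = auth.get("access_token"), auth.get("expires")
            if not isinstance(token, str) or not token or not isinstance(expires, int):
                raise ValueError("malformed AuthResponse")
            self._token, self._expires = token, expires
        return self._token

    def headers(self):
        return {"Authorization": f"Bearer {self.token()}"}


if __name__ == "__main__":
    # Constructed stand-in for the server so the example runs offline.
    def fake_fetch(uid, secret):
        return {"access_token": "JWT_TOKEN", "expires": int(time.time()) + 3600}
    cache = TokenCache("constructed-api-user-id", "constructed-secret", fetch=fake_fetch)
    print(cache.headers())
```

In real use, load the API user's id and secret from the environment or a secret store rather than source code, and keep the secret and the token out of logs.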