Authentication
The API uses Django's token-based authentication through the django-rest-auth library, which also provides a set of endpoints to handle user registration and authentication tasks.
Retrieve token
/api/v1/rest-auth/login/ (POST)
{ "username": "USERNAME", "password": "USER_PASSWORD" }
Response code 200 with body:
{ "key": "d5ab4a34418b7053c86f1865003070671a7d158f" }
Fetch API being authenticated
The API is stateless, so the user token must be provided on each request. The token must be sent in the request header, using the Authorization key and the Token YOUR_TOKEN value.
curl -X GET "https://seven23.io/api/init" -H "accept: application/json" -H "Authorization: Token d5ab4a34418b7053c86f1865003070671a7d158f"
Note
By design, a token does not expire and remains active until it is manually deleted.
Revoke token
Sending an authenticated request to /v1/users/token (DELETE) revokes the token used for that request.
curl -X DELETE "https://seven23.io/api/v1/users/token" -H "accept: application/json" -H "Authorization: Token d5ab4a34418b7053c86f1865003070671a7d158f"
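Because a token stays valid until it is deleted, a client that only needs short-lived access should revoke its token when it finishes, including when it fails. The following is an added example, not code from the Seven23 project: it chains the three calls documented above. The names TokenSession, http_send and the send parameter are assumptions made for this example; the host and paths are the ones used in the curl commands on this page.

```python
import json
import urllib.request

BASE = "https://seven23.io"  # host taken from the curl examples on this page


def http_send(method, url, headers, body=None):
    """Default transport: one HTTPS request, returns (status, parsed JSON or None)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        raw = resp.read()
        return resp.status, (json.loads(raw) if raw else None)


class TokenSession:
    """Log in, send the token on every request, revoke it on exit.

    Tokens do not expire, so revocation runs even if the body raises.
    """

    def __init__(self, username, password, send=http_send, base=BASE):
        self._creds = {"username": username, "password": password}
        self._send, self._base, self._token = send, base, None

    def _headers(self):
        h = {"Accept": "application/json", "Content-Type": "application/json"}
        if self._token:
            h["Authorization"] = f"Token {self._token}"
        return h

    def __enter__(self):
        status, body = self._send("POST", self._base + "/api/v1/rest-auth/login/",
                                  self._headers(), self._creds)
        if status != 200 or not body or "key" not in body:
            raise PermissionError(f"login failed (HTTP {status})")
        self._token = body["key"]
        self._creds = None  # the password is not needed after login
        return self

    def get(self, path):
        return self._send("GET", self._base + path, self._headers())

    def __exit__(self, exc_type, exc, tb):
        try:
            self._send("DELETE", self._base + "/api/v1/users/token", self._headers())
        finally:
            self._token = None  # never reuse a token we tried to revoke
        return False
```

Typical use is `with TokenSession(user, password) as s: s.get("/api/init")`; passing a different send callable lets the flow be exercised without network access.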