The 2.0 REST API introduces authentication using short-living JWT tokens:
- Use your account credentials to get a short-lived token (~1hr)
- Perform REST API actions by providing your token as an HTTP header
- Periodically refresh your token by exchanging your token for a fresher one, or generating a new one from scratch
- Valid tokens can only be exchanged for new ones up to 24 hours: Your application must re-login daily with full credentials
Several convenience methods and language-specific client libraries makes JWT auth even easier to use.
JWT tokens delegate to their holders the full power of an account without exposing passwords.
Graphistry does not currently provide token revocation nor fine-grained capability/RBAC for API calls.
We therefore recommend creating one or more service accounts, one per independent application.
Authentication
| Route |
Method |
Headers |
Parameters |
Return |
api-token-auth/ |
POST |
Content-Type: application/json |
username, password |
{"token": str} |
|
Input:
curl -s -X POST \
-H "Content-Type: application/json" \
-d '{"username":"my_user","password":"my_pwd"}' \
http://localhost/api-token-auth/
|
|
Output:
{
"user": {
"name": "my name",
"username": "myusername",
"email": "my@email.com",
"id": 123
},
"token": "my_generated_token"
}
|
api-token-refresh/ |
POST |
Content-Type: application/json |
username, password |
{"token": str} |
|
Input:
curl -s -X POST \
-H "Content-Type: application/json" \
-d '{"token":"MY_TOKEN"}' \
http://localhost/api-token-refresh/
|
|
Output:
{"token": "my_generated_token"}
|
api-token-verify/ |
POST |
Content-Type: application/json |
username, password |
{"token": str} |
|
Input:
curl -s -X POST \
-H "Content-Type: application/json" \
-d '{"token":"MY_TOKEN"}' \
http://localhost/api-token-verify/
|
|
Output: 200 HTTP status code
|