Authorization

The API uses JSON Web Tokens (JWT) for authorization. The token is sent in the HTTP Authorization header using the Bearer scheme. More about this can be read here: https://jwt.io/introduction/

To authorize your calls, the following method must be called:

Request URL: https://<api-url>/api/account/login
Request Method: POST
Header:
Content-Type: application/json
Body:
{
"username": "<your e-mail address>",
"password": "<password>"
}

 

If the call succeeds, the response contains a string, which is the JWT Bearer token. It could look like this:

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiJERmlAZWx0cm9uaWMuZGsiLCJyb2xlIjoiQWRtaW4iLCJuYmYiOjE1NzE4MTQzNTUsImV4cCI6MTU3MTgxNjE1NSwiaWF0IjoxNTcxODE0MzU1fQ.bJgqMq7kl1VIzDHeHt-2lJUq9CzI6rUQKEj5E3xC6NY

Send this string in the Authorization header, using the Bearer scheme, on all following calls.
Note that the token expires 30 minutes after it is retrieved, after which a new token must be retrieved by calling the login method again.

An example with getting the list of units, which needs authorization, looks like this:

Request URL: https://<api-url>/api/Unit/ListUnits
Request Method: GET
Header:
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VyaWQiOiJERmlAZWx0cm9uaWMuZGsiLCJyb2xlIjoiQWRtaW4iLCJuYmYiOjE1NzE4MTQzNTUsImV4cCI6MTU3MTgxNjE1NSwiaWF0IjoxNTcxODE0MzU1fQ.bJgqMq7kl1VIzDHeHt-2lJUq9CzI6rUQKEj5E3xC6NY
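The expiry handling and the Bearer header described above can be combined in a small client-side cache. This is an added example, not code from the API or its vendor: `TokenCache`, `jwt_claims` and the injected `login` callable (which would POST to /api/account/login and return the token string) are hypothetical names. It reads the `exp` claim of the sample token shown on this page, which lies 1800 seconds after `iat`.

```python
import base64
import json
import time

# Sample token copied from this page (long expired; used only as offline input).
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJ1c2VyaWQiOiJERmlAZWx0cm9uaWMuZGsiLCJyb2xlIjoiQWRtaW4iLCJuYmYiOjE1NzE4MTQzNTUs"
    "ImV4cCI6MTU3MTgxNjE1NSwiaWF0IjoxNTcxODE0MzU1fQ."
    "bJgqMq7kl1VIzDHeHt-2lJUq9CzI6rUQKEj5E3xC6NY"
)


def jwt_claims(token):
    """Decode the payload segment WITHOUT verifying the signature.

    The sample's header says HS256, so a client without the server's secret
    cannot verify it. Use the claims only to schedule a re-login, never to
    make access decisions; the server remains the authority.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


class TokenCache:
    """Holds one token and logs in again shortly before it expires."""

    def __init__(self, login, skew=60):
        self._login = login  # hypothetical callable returning the token string
        self._skew = skew    # seconds of safety margin before 'exp'
        self._token = None
        self._exp = 0

    def auth_header(self, now=None):
        now = time.time() if now is None else now
        if self._token is None or now >= self._exp - self._skew:
            self._token = self._login()
            # A token without 'exp' is treated as already expired.
            self._exp = int(jwt_claims(self._token).get("exp", 0))
        return {"Authorization": "Bearer " + self._token}
```

Keep the token in memory only and out of logs: anyone holding it can call the API as that user until it expires.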

A test user has been created that can be used in both the demo and test environments:

{
"username": "apitest@diap.online",
"password": "Apitest-1234"
}