POST auth

JeffMedeiros edited this page Nov 29, 2019 · 1 revision

Description

Retrieves a valid token to be used in requests. Authentication follows the JWT specification (RFC 7519), a standard that defines how to transmit and store JSON objects in a compact and secure way between different applications.

The token payload will include the following information (RFC-7519):

| Claim | Description |
|-------|-------------|
| sub   | Subject, entity to which the token belongs, usually the user ID. |
| iss   | Issuer, defines the issuer of the token. |
| exp   | Expiration, timestamp in seconds of when the token will expire. |
| iat   | Issued at, timestamp in seconds from when the token was created. |
| scope | Specifies the access scopes that the generated token has. |

Example of values that can make up the payload:

{
  "sub": "5daf47f1d3cb260019b5edb9",
  "sub_type": "admin",
  "iss": "ocariot",
  "iat": 1571849771,
  "scope": "physicalactivities:read sleep:read measurements:read",
  "exp": 1571936171
}
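
A client or downstream service can check these claims before relying on a token. The following is an added example, not OCARIoT's own code: the function names are hypothetical, the sample token is constructed from the payload above with a dummy signature, and `RS256` is taken from the header of the sample `access_token` on this page. It checks the header and claims only; verifying the signature needs the issuer's public key, which this page does not give.

```python
import base64
import json

def b64url_decode(segment):
    """Decode a base64url JWT segment, restoring the stripped '=' padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def check_claims(token, now, issuer="ocariot", needed_scope=None):
    """Return the payload if header and claims are acceptable, else raise
    ValueError. Claims only: the RS256 signature is NOT verified here, since
    that needs the issuer's public key, which this page does not give."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        header, payload = (json.loads(b64url_decode(p)) for p in parts[:2])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("malformed token segment") from exc
    if not isinstance(header, dict) or not isinstance(payload, dict):
        raise ValueError("segments must be JSON objects")
    if header.get("alg") != "RS256":  # pin the algorithm; rejects e.g. "none"
        raise ValueError("unexpected alg: %r" % header.get("alg"))
    if payload.get("iss") != issuer:
        raise ValueError("unexpected issuer")
    iat, exp = payload.get("iat"), payload.get("exp")
    if not all(type(v) is int for v in (iat, exp)):
        raise ValueError("iat and exp must be integer timestamps in seconds")
    if not iat <= now < exp:
        raise ValueError("token is expired or not yet valid")
    granted = set(str(payload.get("scope", "")).split())  # exact scope names
    if needed_scope is not None and needed_scope not in granted:
        raise ValueError("scope not granted: " + needed_scope)
    return payload

def make_sample_token(payload):
    """Constructed sample: RS256 header, given payload, dummy signature."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":")).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(payload), "c2ln"])

PAGE_PAYLOAD = {  # copied from the payload example on this page
    "sub": "5daf47f1d3cb260019b5edb9", "sub_type": "admin", "iss": "ocariot",
    "iat": 1571849771, "exp": 1571936171,
    "scope": "physicalactivities:read sleep:read measurements:read",
}

if __name__ == "__main__":
    token = make_sample_token(PAGE_PAYLOAD)
    print(check_claims(token, now=PAGE_PAYLOAD["iat"] + 3600, needed_scope="sleep:read"))
```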

URL

POST https://localhost/v1/auth

Curl example

curl -X POST "https://localhost/v1/auth" -H "accept: application/json" -H "Content-Type: application/json" -d '{"username":"your_user","password":"your_password"}'

Request body

{
  "username": "BR0001",
  "password": "br123"
}

Response body

  • 200 Successful Authentication

      {
        "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZGFmNDdmMWQzY2IyNjAwMTliNWVkYjkiLCJzdWJfdHlwZSI6ImFkbWluIiwiaXNzIjoib2NhcmlvdCIsImlhdCI6MTU3MTg0OTc3MSwic2NvcGUiOiJwaHlzaWNhbGFjdGl2aXRpZXM6cmVhZCBzbGVlcDpyZWFkIG1lYXN1cmVtZW50czpyZWFkIiwiZXhwIjoxNTcxOTM2MTcxfQ.WduK8favKAufML3tg93Wfd-Dg7gUPES31AHnZlzzKtZI1ZX3TVBPm_QCBvLizmthtBs8IVKrYeK4MDGyvoDKrz2-FG3lnbbNeUnZ90SLHDBH9raFrDt8tA4je7nlBiONtOIkzYH0yjhIHf-FuYade64k6OUwGpV3cDLnq2CD2CsmnHDzlAwXnfH2kLB_SHCgXyTCeNJKOb9W3rQ2sc88KHaJIE6CRBQIdi7te-N647vkMuBjon8EgCz4VjX4n6yEXfMFPof905Xt6hD5q7EC9o9QF04x2ElxtjWl5aSvsDEoAeFjAhH7m3_YMgg99md4Rb3jUoFNVd561JvxQDL2PItRagHwRCevh6NdOsypepJSKEj4Vmj3xtm_F3W7fyVP8Z3YCwy5dhzTmpvyELhcgsh2bNx92iDbyl5LQ7Xem9BNgM0yXKDCxAA_nXsKEeYYp3rdCePxBtjhd3Z7zhC1XA9qvbvNOOk8A0561GKr0YP96K4rtMfA3_dfZ1JPa82YP-iLlUCBVMiVAVP7a-3cmNToo29lYILeM2LRdnEANGf_inouCkpXSY_qAQgxip8r-AzjqVl9M8_eIMaDn2IxWeOnVOyfmY1eThJecG7V2iqGKpY61HIHWt0sbdYfuY7fpJNtP9IUSST3UMMb_P3KcLv5CCLuT6XewEWn4nRSFd8"
      }
  • 400 Validation errors

    • Invalid JSON format

    • Missing fields

      • Example
        {
          "code": 400,
          "message": "Required fields were not provided...",
          "description": "username, password are required!"
        }
    • Empty string

      • Example
        {
          "code": 400,
          "message": "One or more request fields are invalid...",
          "description": "username must have at least one character!"
        }
    • Invalid string

      • Example
        {
          "code": 400,
          "message": "One or more request fields are invalid...",
          "description": "username must be a string!"
        }
  • 401 Unauthorized Error

  • 429 Too Many Requests Error

  • 500 Internal Server Error
