Authentication (grpc) - 1080Motion/API GitHub Wiki
The API uses a custom token based authentication scheme.
The security in gRPC comprise of two parts
- The channel itself. This is secured using channel credentials which in our case is SSL.
- The individual calls. This is secured using call credentials which is passed in the HTTP headers of each request (this is sometimes called metadata in gRPC lingo)
See https://grpc.io/docs/guides/auth/ for details about the terminology and concepts involved.
To obtain a new token make an unauthenticated call to the api endpoint below.
rpc GetToken (GetTokenRequest) returns (GetTokenResponse);
For the request to be valid GetTokenRequest needs to contain a valid API Key (manually distributed by 1080Motion). The GetTokenResponse contains the token. This token must be passed along all calls to protected api endpoints.
To construct an authenticated client you need to create an authentication header according to the following:
Authorization: 1080Motion <token>
Using the token clients are able to query data related to one instructor account at a time. By default the token is valid for 1 hour.
Exactly how this is done is slightly different depending on which programming language you use. To further complicate matters, there are several ways to achieve the same results.
But in a nutshell, the following pseudo code should get you started.
// Step 1: obtain the token. This can be done on an unsecure channel
var unsecuredChannel = CreateChannel(apiUri)
var authClient = new AuthServiceClient(unsecuredChannel)
var response = authClient.GetToken(new GetTokenRequest(myPersonal1080ApiKey))
var token = response.Token
// Step 2: Use the token to setup a secure channel with our call credentials. (Another option would be to attach the callCredentials to each call we make in the future, but this is easier)
// Interceptors are called before each call and can add metadata to the header
var callCredentials = CallCredentials.FromInterceptor((context, metadata) => metadata.Add("Authorization", "1080Motion {token}"))
var sslCredenials = new SslCredentials() // No cert needed
var combinedCredentials = ChannelCredentials.Create(sslCredentials, callCredentials)
var secureChannel = CreateChannel(apiUri, combinedCredentials)
// Step 3: Use the newly created secureChannel as channel for your different grpc clients to access the API. The same channel can be shared freely between the clients.
var instructorClient = new InstructorServiceClient(secureChannel)
var instructor = instructorClient.GetInstructor();
var sessionClient = new SessionServiceClient(secureChannel)
// etc...- The 1080 official .NET sample client shows how to do this in C#.
- The gRPC team has an auth sample for Python.
- The same official docs have a section about python in their auth chapter