Getting started with the API - dbmi-pitt/TCRN GitHub Wiki
In order to use the TIES API, you will first need to request an API key. Request a key
Once you have obtained a username and API key, you must sign your requests with a JSON Web Token (JWT). The API uses a compact JWT to provide access to the API resources. All API requests need to include an Authorization header that carries a Bearer signature that you create using the request parameters. This is used for simple authorization, since the TCGA data is publicly available. The JWT must contain the following:
header = '{"alg": "HS256", "typ": "JWT"}'
payload = '{"name": "<API USERNAME>", "iss" : "TIES-PITT-auth0"}'
The JWT must be signed with your secret API key to generate your signature (see below for sample JavaScript).
Once generated, send the JWT in the Authorization header using the Bearer schema.
Authorization: Bearer <token>
To generate a JSON Web Token for TIES, you can use jsrsasign (RSA-Sign JavaScript Library), an open-source, free cryptography library supporting RSA/RSAPSS/ECDSA/DSA signing/validation, ASN.1, PKCS#1/5/8 private/public key, X.509 certificate, CRL, OCSP, CMS SignedData, TimeStamp, CAdES and JSON Web Signature/Token in pure JavaScript.
<!-- Include the jsrsasign JavaScript library -->
<script src="https://cdnjs.cloudflare.com/ajax/libs/jsrsasign/8.0.4/jsrsasign-all-min.js"></script>
<script>
function generateToken() {
  // create a standard JWT header
  var sHeader = {
    "alg": "HS256",
    "typ": "JWT"
  };
  // create claims payload
  var sPayload = {"name": "<API USER NAME>", "iss": "TIES-PITT-auth0"};
  var sPrvKey = "<SECRET KEY>";
  // sign the header and payload; sign() returns the compact JWT
  // (header.payload.signature), so no JWSJS object is needed
  var jwt = KJUR.jws.JWS.sign(null, sHeader, sPayload, sPrvKey);
  // create the Bearer value for the Authorization header
  var jwtToken = 'Bearer ' + jwt;
  return jwtToken;
}
</script>
Tutorial for JWT generation https://github.com/kjur/jsrsasign/wiki/Tutorial-for-JWT-generation
JWT explained https://auth0.com/docs/jwt
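
The same token can be produced outside the browser, which keeps the secret key out of page source that any visitor can read. The Node.js code below is an added example, not code from the TIES project: it builds the HS256 token with the header and payload given above using Node's built-in crypto module, and includes a local verifier for checking your own output before sending it. The function names and the keyEncoding parameter are hypothetical, and it assumes the API key is used as UTF-8 text for the HMAC key (the page does not say how the server interprets the key).

```javascript
// Added example: HS256 JWT for the TIES API using only Node's crypto module.
const crypto = require('crypto');

// base64url without padding, as used in compact JWTs
function b64url(input) {
  return Buffer.from(input).toString('base64')
    .replace(/=+$/, '').replace(/\+/g, '-').replace(/\//g, '_');
}

// Assumption: the API key is UTF-8 text; pass 'hex' if yours is hex-encoded.
function hmacSha256(signingInput, secret, keyEncoding) {
  const key = Buffer.from(secret, keyEncoding || 'utf8');
  return crypto.createHmac('sha256', key).update(signingInput).digest();
}

// Header and payload fields are the ones this page requires.
function generateTiesToken(username, secret, keyEncoding) {
  const header = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const payload = b64url(JSON.stringify({ name: username, iss: 'TIES-PITT-auth0' }));
  const signingInput = header + '.' + payload;
  return signingInput + '.' + b64url(hmacSha256(signingInput, secret, keyEncoding));
}

function authorizationHeader(username, secret, keyEncoding) {
  return 'Bearer ' + generateTiesToken(username, secret, keyEncoding);
}

// Local check of a token: returns the claims, or null if anything is off.
function verifyTiesToken(token, secret, keyEncoding) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  let header, claims;
  try {
    // Node's 'base64' decoder also accepts the URL-safe alphabet
    header = JSON.parse(Buffer.from(parts[0], 'base64').toString('utf8'));
    claims = JSON.parse(Buffer.from(parts[1], 'base64').toString('utf8'));
  } catch (e) {
    return null;
  }
  // Pin the algorithm: never accept whatever "alg" the token claims
  if (!header || header.alg !== 'HS256') return null;
  const expected = hmacSha256(parts[0] + '.' + parts[1], secret, keyEncoding);
  const given = Buffer.from(parts[2], 'base64');
  // Constant-time comparison; lengths must match before timingSafeEqual
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  return claims && claims.iss === 'TIES-PITT-auth0' ? claims : null;
}
```

Read the secret from an environment variable or a secrets store rather than hard-coding it, and pass the result of authorizationHeader() as the value of the Authorization header.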