POST auth - ocariot/api-gateway GitHub Wiki

Description

Retrieves a valid token to be used in requests. Authentication follows the JWT specification (RFC 7519), a standard that defines how to transmit and store JSON objects in a compact and secure way between different applications.

The token payload will include the following information (RFC-7519):

| Claim | Description |
|-------|-------------|
| sub   | Subject, entity to which the token belongs, usually the user ID. |
| iss   | Issuer, defines the issuer of the token. |
| exp   | Expiration, timestamp in seconds of when the token will expire. |
| iat   | Issued at, timestamp in seconds from when the token was created. |
| scope | Specifies the access scopes that the generated token has. |

Example of values that can make up the payload:

{
  "sub": "5daf47f1d3cb260019b5edb9",
  "sub_type": "admin",
  "iss": "ocariot",
  "iat": 1571849771,
  "scope": "physicalactivities:read sleep:read measurements:read",
  "exp": 1571936171
}
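An added example, not code from the OCARIoT project, showing how a service that receives this token could validate it before trusting the claims listed above. It assumes RS256, which is what the header of the sample access_token in the 200 response decodes to; the key pair, `signToken`, `verifyToken` and the `now` override are constructed for the illustration.

```javascript
// Added example: validating an RS256 access token before trusting its claims.
const nodeCrypto = require('node:crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const fromB64url = (text) => Buffer.from(text, 'base64url');

// Constructed helper standing in for the issuer: signs a payload with RS256.
function signToken(payload, privateKey) {
  const signingInput = `${b64url(JSON.stringify({ alg: 'RS256', typ: 'JWT' }))}.${b64url(JSON.stringify(payload))}`;
  const sig = nodeCrypto.sign('RSA-SHA256', Buffer.from(signingInput), privateKey);
  return `${signingInput}.${b64url(sig)}`;
}

// Returns the claims when the token is acceptable, throws otherwise.
function verifyToken(token, publicKey, { issuer, requiredScope, now = Math.floor(Date.now() / 1000) }) {
  const parts = String(token).split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm; the token header must not choose it ("none", HS256, ...).
  if (JSON.parse(fromB64url(head).toString('utf8')).alg !== 'RS256') throw new Error('unexpected alg');
  const valid = nodeCrypto.verify('RSA-SHA256', Buffer.from(`${head}.${body}`), publicKey, fromB64url(sig));
  if (!valid) throw new Error('bad signature');
  // Claims are parsed only after the signature has been verified.
  const claims = JSON.parse(fromB64url(body).toString('utf8'));
  if (claims.iss !== issuer) throw new Error('wrong issuer');
  if (typeof claims.exp !== 'number' || now >= claims.exp) throw new Error('expired');
  if (typeof claims.iat !== 'number' || claims.iat > now) throw new Error('issued in the future');
  // scope is a space-separated list; require an exact match on one entry.
  if (!String(claims.scope || '').split(' ').includes(requiredScope)) throw new Error('insufficient scope');
  return claims;
}

// Constructed key pair; a real verifier loads the issuer's public key instead.
const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
// Payload values are the ones shown in the example payload on this page.
const payload = {
  sub: '5daf47f1d3cb260019b5edb9',
  sub_type: 'admin',
  iss: 'ocariot',
  iat: 1571849771,
  scope: 'physicalactivities:read sleep:read measurements:read',
  exp: 1571936171,
};
const token = signToken(payload, privateKey);
// `now` is fixed inside the sample token's validity window so the run is repeatable.
const claims = verifyToken(token, publicKey, { issuer: 'ocariot', requiredScope: 'sleep:read', now: 1571850000 });
console.log(claims.sub, claims.scope);
```

In production the `now` argument is omitted so the current time is used, and the public key comes from the issuer's configuration rather than being generated in place.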

URL

POST https://localhost/v1/auth

Curl example

curl -X POST "https://localhost/v1/auth" -H "accept: application/json" -H "Content-Type: application/json" -d '{"username":"your_user","password":"your_password"}'

Request body

{
  "username": "BR0001",
  "password": "br123"
}

Response body

  • 200 Successful Authentication

      {
        "access_token": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiI1ZGFmNDdmMWQzY2IyNjAwMTliNWVkYjkiLCJzdWJfdHlwZSI6ImFkbWluIiwiaXNzIjoib2NhcmlvdCIsImlhdCI6MTU3MTg0OTc3MSwic2NvcGUiOiJwaHlzaWNhbGFjdGl2aXRpZXM6cmVhZCBzbGVlcDpyZWFkIG1lYXN1cmVtZW50czpyZWFkIiwiZXhwIjoxNTcxOTM2MTcxfQ.WduK8favKAufML3tg93Wfd-Dg7gUPES31AHnZlzzKtZI1ZX3TVBPm_QCBvLizmthtBs8IVKrYeK4MDGyvoDKrz2-FG3lnbbNeUnZ90SLHDBH9raFrDt8tA4je7nlBiONtOIkzYH0yjhIHf-FuYade64k6OUwGpV3cDLnq2CD2CsmnHDzlAwXnfH2kLB_SHCgXyTCeNJKOb9W3rQ2sc88KHaJIE6CRBQIdi7te-N647vkMuBjon8EgCz4VjX4n6yEXfMFPof905Xt6hD5q7EC9o9QF04x2ElxtjWl5aSvsDEoAeFjAhH7m3_YMgg99md4Rb3jUoFNVd561JvxQDL2PItRagHwRCevh6NdOsypepJSKEj4Vmj3xtm_F3W7fyVP8Z3YCwy5dhzTmpvyELhcgsh2bNx92iDbyl5LQ7Xem9BNgM0yXKDCxAA_nXsKEeYYp3rdCePxBtjhd3Z7zhC1XA9qvbvNOOk8A0561GKr0YP96K4rtMfA3_dfZ1JPa82YP-iLlUCBVMiVAVP7a-3cmNToo29lYILeM2LRdnEANGf_inouCkpXSY_qAQgxip8r-AzjqVl9M8_eIMaDn2IxWeOnVOyfmY1eThJecG7V2iqGKpY61HIHWt0sbdYfuY7fpJNtP9IUSST3UMMb_P3KcLv5CCLuT6XewEWn4nRSFd8"
      }
    
  • 400 Validation errors

    • Invalid JSON format

    • Missing fields

      • Example
        {
          "code": 400,
          "message": "Required fields were not provided...",
          "description": "username, password are required!"
        }
        
    • Empty string

      • Example
        {
          "code": 400,
          "message": "One or more request fields are invalid...",
          "description": "username must have at least one character!"
        }
        
    • Invalid string

      • Example
        {
          "code": 400,
          "message": "One or more request fields are invalid...",
          "description": "username must be a string!"
        }
        
  • 401 Unauthorized Error

  • 429 Too Many Requests Error

  • 500 Internal Server Error