Skip to content

authorization.md

Latest commit

 

History

History
93 lines (69 loc) · 3.19 KB

authorization.md

File metadata and controls

93 lines (69 loc) · 3.19 KB
label Authentication
icon lock
order 1001
authors
name email avatar link
Artur Chmaro
artur@licenserocks.de
./static/artur.jpeg
name email avatar
Adam Leszczyński
adam@licenserocks.de
name email link avatar
Igor Klepacki
igor@licenserocks.de

Authentication

Token

We have two types of authentication tokens:

  • Master token (generated by administrator of application instance)
  • User token (generated after authentication with wallet or e-mail link)

User has to be redirected to CreatorsHub instance in order to authenticate. Each call has to to include HTTP header generated and signed by CreatorsHub:

Authorization: Bearer {JWT}

Sample request may look as follows:

curl --location --request POST '{INSTANCE_URL}/api/public/batchMint' \
  --header 'Authorization: Bearer {JWT}' \
  --header 'Content-Type: application/json' \
  --data '[
      {
        "title": "Bear 1",
        "status": "draft",
        "amount": 1
      }
    ]'

Obtaining the API Token

The endpoint is secured by the API Token attached to the User who generated the token. In order to generate the token log in to our Instance, go to Settings, find API Access under Settings list, go to the Marketplace API tab and click the Generate token button or grab the Token if you already generated one.

User cookie

Our public API also works when you're logged in on some instance without need of passing the Authorization header along with valid API Token.

!!!warning Warning It is recommended to access API using access token generated by admin. Retrieving info from public instance endpoints being authenticated using user cookie shouldn't be permanent solution if you want to build something on top of the API and should only be used in a quick dev/debug/test approach ⚠️ !!!

Sample request may look as follows:

curl --location --request POST '{INSTANCE_URL}/api/public/batchMint' \
  --header 'Content-Type: application/json' \
  --header 'Cookie: token={COOKIE}; HttpOnly; Secure' \
  --data '[
      {
        "title": "Bear 1",
        "status": "draft",
        "amount": 1
      }
    ]'

Obtaining the cookie

  1. Open the browser's developer tools:
  • In Google Chrome, you can do this by pressing F12 or Ctrl + Shift + I (Windows/Linux) or ⌘ + ⌥ + I (macOS).
  • In Mozilla Firefox, you can do this by pressing F12 or Ctrl + Shift + I (Windows/Linux) or ⌘ + ⌥ + I (macOS).

  1. Navigate to the CreatorsHub instance login page and enter your credentials to log in.

  2. Once you have successfully logged in, the server will set an HttpOnly secure cookie, which will be sent to your browser.

  3. In the developer tools, click on the "Applications" tab.

  4. In the left-hand sidebar, click on "Cookies" to expand the section.

  5. Click on the API's domain name to view its cookies and locate the HttpOnly secure cookie that you want to use for authentication (it should be named token) then copy the value.

  6. Use code defined above and replace {COOKIE} with value you just copied.