Getting Started
API Authentication
Introduction
Getting started with the Auth Armor API is fast and easy.
API URL: https://api.autharmor.com
Note: HTTPS is required.
API Access and Authentication
The Auth Armor API uses the OAuth2 Client Credentials flow to authenticate API calls.
For this flow, you will need to request a bearer token from our OAuth2 auth server.
You will need to obtain a client_id and a client_secret to generate bearer tokens. Please visit the dashboard at https://dashboard.autharmor.com, select your project, then create a backend private API client. Using this information, you can generate bearer tokens to access the API. For more information, see How to create API clients using the dashboard.
There are many tools that can help generate bearer tokens for you. Postman has integration for generating bearer tokens as well and we recommend using Postman to assist with your implementation.
Auth Armor OAuth2 Server Token endpoint
If you are not using any tools, you can still request bearer tokens with a simple HTTP request, shown below:
POST /connect/token HTTP/1.1
Host: login.autharmor.com
Content-Type: application/x-www-form-urlencoded
Content-Length: [dynamic]

client_id={your_client_id}&client_secret={your_client_secret}&grant_type=client_credentials
Parameters
Required:
client_id
client_secret
Username or user_id
When you are using an API that requires the context of a user in the route (for example, Get User Info), the route requires you to pass a user_id. If you wish to pass a username instead of a user_id, you can use an optional header called X-AuthArmor-UsernameValue to pass the username. When you do this, you must pass an empty UUID as the user ID (example: 00000000-0000-0000-0000-000000000000).
Example route: https://api.autharmor.dev/v3/users/00000000-0000-0000-0000-000000000000
Example header: X-AuthArmor-UsernameValue: [email protected]
GET /v3/users/00000000-0000-0000-0000-000000000000 HTTP/1.1
Host: api.autharmor.com
Content-Type: application/json
X-AuthArmor-UsernameValue: [email protected]
Privacy and Security
We do this for a specific reason: privacy and security. Headers are encrypted when using TLS/HTTPS. A URL route is not. Most routers log route data. This means that if your usernames are email addresses and they are put inside the route, this information is logged somewhere and can be data farmed.
Because of this, we only accept the user_id in the route, and if you wish to use a username, it can be passed inside the header. This gives you, the developer, more flexibility along with better security and privacy.
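An added example (not Auth Armor's own code) that builds the two requests described on this page without sending them: the client-credentials token request, and a user lookup that keeps a username out of the route by sending it in X-AuthArmor-UsernameValue with the empty UUID as the user_id. The function names, the sample values and the Authorization: Bearer header (standard OAuth2 bearer usage, not shown on the page) are assumptions.

```python
import uuid
from urllib.parse import urlencode
from urllib.request import Request

TOKEN_URL = "https://login.autharmor.com/connect/token"  # host and path from the page
API_BASE = "https://api.autharmor.com"                   # API URL from the page
EMPTY_UUID = "00000000-0000-0000-0000-000000000000"
USERNAME_HEADER = "X-AuthArmor-UsernameValue"


def build_token_request(client_id, client_secret):
    """Client-credentials token request. The secret travels in the
    form-encoded body, so it never appears in the URL."""
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode("ascii")
    return Request(TOKEN_URL, data=body, method="POST",
                   headers={"Content-Type": "application/x-www-form-urlencoded"})


def build_user_request(identifier, bearer_token):
    """GET /v3/users/{user_id}. An identifier that is not a UUID is treated
    as a username: it goes in the header and the route carries the empty UUID."""
    # Assumption: the token is presented as a standard OAuth2 bearer header.
    headers = {"Authorization": f"Bearer {bearer_token}"}
    try:
        user_id = str(uuid.UUID(identifier))  # canonical form for the route
    except ValueError:
        # Refuse empty values and line breaks before they reach a header.
        if not identifier or "\r" in identifier or "\n" in identifier:
            raise ValueError("invalid username for header use")
        user_id = EMPTY_UUID
        headers[USERNAME_HEADER] = identifier
    return Request(f"{API_BASE}/v3/users/{user_id}", headers=headers, method="GET")


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = build_user_request("alice@example.com", "SAMPLE_TOKEN")
    print(req.get_method(), req.full_url)
    print(dict(req.header_items()))
```

To send either request, pass the returned object to urllib.request.urlopen.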