Getting Started

API Authentication

Introduction

Getting started with the Auth Armor API is fast and easy.

API URL: https://api.autharmor.com

Note: HTTPS is required.

API Access and Authentication

The Auth Armor API uses the OAuth2 Client Credentials flow to authenticate API calls.

For the OAuth2 Client Credentials flow, you will need to request a bearer token from our OAuth2 auth server.

You will need to obtain a client_id and a client_secret to generate bearer tokens. Please visit the dashboard at https://dashboard.autharmor.com, select your project, then create a backend private API client. Using this information, you can generate bearer tokens to access the API. For more information, see How to create API clients using the dashboard.

There are many tools that can help generate bearer tokens for you. Postman has integration for generating bearer tokens as well and we recommend using Postman to assist with your implementation.

Auth Armor OAuth2 Server Token endpoint

https://login.autharmor.com/connect/token

If you are not using any tools, you can still request bearer tokens with a simple HTTP request, as shown below.

POST /connect/token HTTP/1.1
Host: login.autharmor.com
Content-Type: application/x-www-form-urlencoded
Content-Length: [dynamic]

client_id={your_client_id}&client_secret={your_client_secret}&grant_type=client_credentials

Parameters

Required:

  • client_id
  • client_secret

Username or user_id

When you use an API that requires the context of a user in the route (for example, Get User Info), the route requires you to pass a user_id. If you wish to pass a username instead of a user_id, you can use an optional header called X-AuthArmor-UsernameValue to pass the username. When you do this, you must pass an empty UUID as the user ID (example: 00000000-0000-0000-0000-000000000000).

Example route: https://api.autharmor.dev/v3/users/00000000-0000-0000-0000-000000000000
Example header: X-AuthArmor-UsernameValue: [email protected]

GET /v3/users/00000000-0000-0000-0000-000000000000 HTTP/1.1
Host: api.autharmor.com
Content-Type: application/json
X-AuthArmor-UsernameValue: [email protected]

Privacy and Security

We do this for a specific reason: privacy and security. Headers are encrypted when using TLS/HTTPS. A URL route is not. Most routers log route data. This means that if your usernames are email addresses and they are put inside the route, this information is getting logged somewhere and can be data farmed.

Because of this, we only accept the user_id in the route, and if you wish to use a username, it can be passed inside the header. This gives you, the developer, more flexibility along with better security and privacy.
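The token request and the username-in-header request described on this page, built in Python as an added example (not Auth Armor's own code). It assumes the token response carries the standard OAuth2 access_token field and that the token is sent in an Authorization: Bearer header; the function names are illustrative.

```python
import json
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.autharmor.com/connect/token"  # from the page
API_BASE = "https://api.autharmor.com"                   # API URL from the page
EMPTY_UUID = "00000000-0000-0000-0000-000000000000"      # from the page


def build_token_request(client_id, client_secret):
    """Client-credentials token request, form-encoded like the raw HTTP above."""
    body = urllib.parse.urlencode({
        "client_id": client_id,
        "client_secret": client_secret,
        "grant_type": "client_credentials",
    }).encode("ascii")
    return urllib.request.Request(
        TOKEN_URL, data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def fetch_access_token(client_id, client_secret, opener=urllib.request.urlopen):
    """Send the token request; `opener` is injectable so tests can run offline."""
    with opener(build_token_request(client_id, client_secret)) as resp:
        # Assumption: the reply carries "access_token" as in RFC 6749.
        return json.load(resp)["access_token"]


def build_user_request(access_token, user_id=None, username=None):
    """GET /v3/users/{id}. A username goes in the header, never in the path."""
    if (user_id is None) == (username is None):
        raise ValueError("pass exactly one of user_id or username")
    # Assumption: the token is sent as a standard RFC 6750 bearer header.
    headers = {"Authorization": f"Bearer {access_token}"}
    if username is not None:
        if "\r" in username or "\n" in username:
            raise ValueError("username must not contain CR or LF")
        headers["X-AuthArmor-UsernameValue"] = username
        user_id = EMPTY_UUID  # placeholder the page requires with the header
    path_id = urllib.parse.quote(user_id, safe="")  # keep the id one path segment
    return urllib.request.Request(
        f"{API_BASE}/v3/users/{path_id}", method="GET", headers=headers)
```

Keep the client_secret and the returned token out of application logs as well; the request builders above never print or log either value.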

