API Authentication - OAuth2
We use Bearer token authorization, which means that every API call must carry an
Authorization: Bearer TOKEN header.
To configure OAuth2, run the backend-api-oauth-keys-generate phing target. This phing target generates the private and public keys for OAuth2 together with the other required parameters. The private key is used to sign tokens and the public key is used to verify the signatures.
OAuth2 has its own users, so before you can use the API you have to create one.
Run this SQL command to create a user alan with secret xxx:
INSERT INTO "oauth2_client" ("identifier", "secret", "grants", "active") VALUES ('alan', 'xxx', 'client_credentials password', '1');
Never use the password xxx in production; always use secure passwords!
Generate your API token
Run the following command in bash:
curl -X POST 'http://127.0.0.1:8000/api/token' \
  -d 'grant_type=client_credentials' \
  -d 'client_id=alan' \
  -d 'client_secret=xxx'
When everything goes right, you'll get a response containing a token that is valid for one hour. You will need to generate a new token after this one expires.
The bearer token is the value of the
Now you can continue with your first API call.
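The token request above, wrapped in a small client that caches the token and re-requests it shortly before the one-hour expiry, as an added example (not part of this project's code). The token endpoint and the alan/xxx credentials are the ones from this page; the reply field names access_token, expires_in and token_type are the standard OAuth2 ones and are assumed, since the page does not show the response body.

```python
import json
import time
import urllib.parse
import urllib.request

TOKEN_URL = "http://127.0.0.1:8000/api/token"  # token endpoint from the docs above
def post_form(url, fields):  # default transport: POST url-encoded fields, decode the JSON reply
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read().decode())

class TokenClient:  # caches a client_credentials token and re-requests it shortly before expiry
    def __init__(self, client_id, client_secret, token_url=TOKEN_URL,
                 post=post_form, clock=time.monotonic, margin=60):
        self.client_id, self.client_secret, self.token_url = client_id, client_secret, token_url
        self.post, self.clock, self.margin = post, clock, margin  # injectable for offline tests
        self._token, self._expires_at, self.fetches = None, 0.0, 0

    def _fetch(self):
        data = self.post(self.token_url, {"grant_type": "client_credentials",
                                          "client_id": self.client_id,
                                          "client_secret": self.client_secret})
        if str(data.get("token_type", "Bearer")).lower() != "bearer":
            raise ValueError("unexpected token_type: %r" % data.get("token_type"))
        self._token = data["access_token"]
        # expires_in is in seconds; the docs say one hour, but trust the server's value
        self._expires_at = self.clock() + float(data.get("expires_in", 3600))
        self.fetches += 1

    def token(self):
        # Refresh only when no token is cached or it is within `margin` seconds of expiry
        if self._token is None or self.clock() >= self._expires_at - self.margin:
            self._fetch()
        return self._token

    def auth_header(self):  # the header every API call must carry
        return {"Authorization": "Bearer " + self.token()}

def demo():
    """Offline walk-through with constructed token replies and a manual clock (no server)."""
    replies = [{"token_type": "Bearer", "expires_in": 3600,
                "access_token": "constructed-token-%d" % i} for i in (1, 2)]
    clock = [0.0]
    client = TokenClient("alan", "xxx", post=lambda url, fields: replies.pop(0),
                         clock=lambda: clock[0])
    first = client.auth_header()["Authorization"]   # second call below reuses the cache
    clock[0] = 3600 - 30                            # inside the 60 s refresh margin
    second = client.auth_header()["Authorization"]  # a new token is fetched here
    return first, second, client.fetches
```

Pass the real secret in from the environment rather than hard-coding it, and keep the default post_form transport for live use against the endpoint above.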