API Authentication and Authorization
Paanda uses token-based authentication
Token based authentication works by ensuring that each request to a server is accompanied by a signed token which the server verifies for authenticity and only then responds to the request.
The token is used to identify your account, Teams, and Roles. Paanda has built-in support for
- Accounts Management,
- Teams Management,
- Roles Management
Most REST endpoints require authentication (a token). There are two types of tokens in the system:
- token - used for simplified API access
- JWTtoken - generated using username and password or token
Authorization using username and password or API token
Note
The "createCookie" parameter is optional. By default, it is set to false. If you wish to create a cookie, set this parameter to true.
Using username and password
Return JWTtoken
Using token
Authentication
Note
- Authorization header must be base64 encoded
- curl: use the -u option to send Authorization Basic (curl has built-in support for base64 encoding)
- curl: use the -H option to send Authorization Token (curl has built-in support for base64 encoding)
Authorization using Token in query parameters
Security risk
- Sending the authorization token in query parameters is not secure; it is recommended to use a header
- This method should be used in a fully controlled environment, e.g. in an internal network
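
The risk noted above is concrete: a token placed in the query string is recorded in web server and proxy access logs. The following is an added example, not Paanda's own code, that scans access-log lines for tokens in query strings and redacts them; the parameter names and the sample log lines are assumptions, since the page does not show which query parameter Paanda uses.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed parameter names: the page does not say which one Paanda uses.
TOKEN_PARAMS = {"token", "jwttoken", "ptoken"}
# Compact JWT shape: three base64url segments, header starting with '{"' (eyJ).
JWT_SHAPE = re.compile(r"^eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*$")
# Request line of a common/combined-format access-log entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')


def redact_target(target):
    """Return (redacted_target, leaked_param_names) for one request target."""
    parts = urlsplit(target)
    leaked, kept = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in TOKEN_PARAMS or JWT_SHAPE.match(value):
            leaked.append(name)
            value = "REDACTED"
        kept.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(kept))), leaked


def scan(lines):
    """Redact tokens in access-log lines; return (clean_lines, findings)."""
    clean, findings = [], []
    for number, line in enumerate(lines, start=1):
        match = REQUEST.search(line)
        if match:
            target, leaked = redact_target(match.group("target"))
            if leaked:
                findings.append((number, leaked))
                start, end = match.span("target")
                line = line[:start] + target + line[end:]
        clean.append(line)
    return clean, findings


# Constructed sample log lines (hypothetical paths and token values).
SAMPLE = [
    '10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /api/items?token=abc123&page=2 HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2024:10:00:01 +0000] "GET /api/items?page=2 HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /api/items?auth=eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1MSJ9.c2ln HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    cleaned, found = scan(SAMPLE)
    print("\n".join(cleaned))
    print(found)
```

Any finding means a credential has already been written to disk in clear text, so the affected token should be rotated in addition to redacting the log.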
Authorization using cookie
You need to attach a cookie named ptoken to the request: ptoken={{JWTtoken}}