Authentication

Introduction

The API authenticates each request with a token sent in the Authorization header. To obtain a token, make a POST request to the URI /auth/request-token and include your VSKEY credentials in the Authorization header.

Request Access Token

This section shows how to request an access token using HTTPie and cURL.

Authentication tokens are valid for 24 hours (86,400 sec). After this period, a new token must be requested.

HTTPie

    http POST https://vss-api.eis.utoronto.ca/auth/request-token -a <username>
    http: password for <username>@vss-api.eis.utoronto.ca:

Response Headers

    HTTP/1.1 200 OK
    Allow: POST, OPTIONS
    Connection: keep-alive
    Content-Length: 179
    Content-Type: application/json
    Date: Fri, 29 Apr 2016 11:52:47 GMT
    Strict-Transport-Security: max-age=63072000
    X-Content-Type-Options: nosniff
    X-Frame-Options: DENY
    X-RateLimit-Limit: 5
    X-RateLimit-Remaining: 4
    X-RateLimit-Reset: 1461930780

Response Body

    {
        "duration": 86400,
        "exp": <expiry_time>,
        "exp_date": "<timestamp>",
        "token": "<token>",
        "type": "ACCESS"
    }

cURL

Response Headers
Response Body

Unauthorized

A 401 Unauthorized error, as shown below, when requesting a new access token could be due to the following reasons:

Response

Username and password combination is not valid

Re-initializing your VSKEY credentials is strongly advised. To do so, please follow this KB Article.

Response

User is not permitted to access the API

Contacting the VSS Team by email or through our contact form to request access is advised.

Response

Using Access Token

At this point you have generated an access token for the API that is valid for a certain period of time. This token can now be used for every request made to a given API endpoint via GET, POST, PUT or PATCH.

There are two separate approaches to authenticate using OAuth, Bearer Authorization Header and Basic Authentication, described in the following sections:

Bearer Authorization Header

The first approach is to send a bearer Authorization header with your request, which authorizes the request from the header section. The following examples illustrate how to pass the Authorization header with cURL and HTTPie.
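Added example, not from the original page or the VSS project: because a token lasts 86,400 seconds and the token endpoint returns rate-limit headers, a client can request one token, reuse it in the Bearer header, and renew it shortly before it lapses. The Python below builds the requests without sending them; the 5-minute renewal margin, the sample token value and the /example-endpoint path are assumptions.

```python
import base64
import json
import urllib.request

API = "https://vss-api.eis.utoronto.ca"  # host from the HTTPie example
SKEW = 300  # assumption: renew 5 minutes before the token expires

# Constructed sample body in the shape of the documented response.
SAMPLE_BODY = '{"duration": 86400, "token": "constructed.sample.token", "type": "ACCESS"}'


def token_request(username, password):
    """Build (without sending) POST /auth/request-token with Basic credentials."""
    cred = base64.b64encode(f"{username}:{password}".encode()).decode()
    return urllib.request.Request(
        f"{API}/auth/request-token", method="POST",
        headers={"Authorization": f"Basic {cred}"})


class TokenCache:
    """Keeps one access token and tracks when it has to be replaced."""

    def __init__(self):
        self.token, self.expires_at = None, 0.0

    def store(self, body, received_at):
        """Parse a token response; lifetime is counted from receipt time."""
        doc = json.loads(body)
        if doc.get("type") != "ACCESS" or not doc.get("token"):
            raise ValueError("not an access-token response")
        self.token = doc["token"]
        self.expires_at = received_at + int(doc["duration"])

    def needs_refresh(self, now):
        return self.token is None or now >= self.expires_at - SKEW

    def bearer_request(self, path, now, method="GET"):
        """Build an API request, refusing to use a stale token."""
        if self.needs_refresh(now):
            raise RuntimeError("token missing or expired; request a new one")
        return urllib.request.Request(
            f"{API}{path}", method=method,
            headers={"Authorization": f"Bearer {self.token}"})


if __name__ == "__main__":
    cache = TokenCache()
    cache.store(SAMPLE_BODY, received_at=0)
    req = cache.bearer_request("/example-endpoint", now=60)  # hypothetical path
    print(req.get_method(), req.full_url)
```

Keep the cached token in memory or a file readable only by the calling user, and avoid printing the Authorization header in logs.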

Basic Authentication

The second approach is using basic authentication as shown below:

 

Unauthorized

A 401 Unauthorized error, as shown below, when using an access token could be due to the following reasons:

Expired Token

Generate a new token as previously described, at /auth/request-token.

Response

Invalid Token

Either there is a typo or something went wrong at our end. Just generate a new access token at /auth/request-token.

Response

User is no longer authorized to access the API

Contacting the VSS Team by email or through our contact form to request or restore access is advised.

Response