directus/docs/reference/api/authentication.md
Rijk van Zanten 817ccf3620 Overhaul docs (#3951)
* Add Quickstart Guide

* Update installation

* Remove unused files

* Update support/backing

* Tweaks in concepts

* Setup file structure for API reference 2.0

* Setup page layout for reference

* Add clean-urls plugin

* getting started updates

* Finish authentication rest

* getting started updates

* Render stylus in 2 spaces

* Various

* Various

* Finish activity docs

* Add collections reference

* Add extension reference

* concepts updates

* Fields/tweaks

* Add files doc

* Add revisions

* concepts docs

* More api reference

* Finish rest api reference (finally)

* initial concepts

* More things

* Add assets api ref

* Move sections from file to assets

* Add environment variables

* contributing docs

* Add field transforms page

* Left align table headers

* concept links

* Add API config

* Fix mobile nav

* Add migrating a project

* doc link fixes

Co-authored-by: Ben Haynes <ben@rngr.org>
2021-02-05 18:51:54 -05:00


# Authentication
By default, all data in the system is off limits for unauthenticated users. To gain access to protected data, you must
include an access token with every request, or
[configure permissions for the public role](/guides/roles-and-permissions).
## Tokens
In order to authenticate to the API, you have to pass an authentication token. The token can be passed in two ways:
#### Query Parameter
Pass the token in the `access_token` query parameter: `?access_token=<token>`
#### Authorization Header
Pass the token in the Authorization header: `Authorization: Bearer <token>`
```
// Query Param
?access_token=eyJh...KmUk
// Header
Authorization: Bearer eyJh...KmUk
```
### Types
There are two types of tokens that can be used within Directus:
#### Temporary Token (JWT)
These are the tokens as returned by the [`/auth/login`](/reference/api/rest/authentication/#login) endpoint. These tokens
have a relatively short expiration time, and are thus the most secure option to use. The tokens are returned with a
`refresh_token` that can be used to retrieve a new access token through the [`/auth/refresh`](#refresh) endpoint.
#### Static Token
Each user can have one static token that will never expire. This is useful for server-to-server communication, but is
also less secure than the JWT token.
::: tip Retrieving a Token
This token can be retrieved through [the login endpoint](#login).
:::
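
A token passed in the `access_token` query parameter is part of the URL, so it is stored wherever request URLs are recorded, such as access logs. The following Node.js code is an added example, not part of the Directus docs or code base: it redacts the parameter from request lines and reports whether the exposed token was a temporary JWT or a static token. The request lines, token values, the use of the standard JWT `exp` claim and the severity labels are assumptions made for this example.

```javascript
// Added example. Token values and log lines below are constructed for illustration.
const b64url = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
const makeJwt = (exp) => `${b64url({ alg: 'HS256', typ: 'JWT' })}.${b64url({ id: 'u1', exp })}.c2ln`;

// 'jwt' = temporary token (assumed to carry the standard `exp` claim); anything else = static.
function classifyToken(token, nowSec) {
  const parts = token.split('.');
  if (parts.length === 3) {
    try {
      const payload = JSON.parse(Buffer.from(parts[1], 'base64url').toString('utf8'));
      if (typeof payload.exp === 'number') {
        return { type: 'jwt', exp: payload.exp, expired: payload.exp <= nowSec };
      }
    } catch (_) { /* undecodable payload: treat as an opaque static token */ }
  }
  return { type: 'static', exp: null, expired: false };
}

// Redact `access_token` from one request line and report what kind of token was exposed.
// Severity labels are this example's own convention.
function auditRequestLine(line, nowSec = Math.floor(Date.now() / 1000)) {
  const m = /^(\S+) (\S+) (HTTP\/\d\.\d)$/.exec(line);
  if (!m) return { redacted: line, finding: null };
  const url = new URL(m[2], 'http://log.invalid'); // base only needed to parse a relative target
  const token = url.searchParams.get('access_token');
  if (token === null) return { redacted: line, finding: null };
  const info = classifyToken(token, nowSec);
  const severity = info.type === 'static' ? 'high' : info.expired ? 'low' : 'medium';
  url.searchParams.set('access_token', 'REDACTED');
  return { redacted: `${m[1]} ${url.pathname}${url.search} ${m[3]}`, finding: { ...info, severity } };
}

const NOW = 1700000000; // fixed clock so the sample output is reproducible
const sampleLines = [
  `GET /items/articles?limit=5&access_token=${makeJwt(NOW + 900)} HTTP/1.1`, // live JWT in URL
  `GET /items/articles?access_token=${makeJwt(NOW - 60)} HTTP/1.1`,          // expired JWT in URL
  'GET /users/me?access_token=constructed-static-token HTTP/1.1',            // static token in URL
  'GET /items/articles HTTP/1.1',                                            // token sent in header
];
for (const line of sampleLines) console.log(JSON.stringify(auditRequestLine(line, NOW)));
```

A static token found this way is rated highest because, as stated above, it never expires; rotating it is the only way to end the exposure.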