github/directus
1
0
Fork 0
mirror of https://github.com/directus/directus.git synced 2026-01-22 18:18:04 -05:00
Code Issues Packages Projects Releases Wiki Activity
Files
dae9de554ada0ad2a5808478235e8205fea5feba
directus/docs/reference/api/authentication.md
rijkvanzanten 2e5b053d99 Fix app links and old rest references
2021-04-08 15:36:11 -04:00

1.6 KiB
Raw Blame History

Authentication

By default, all data in the system is off limits for unauthenticated users. To gain access to protected data, you must include an access token with every request, or configure permissions for the public role.

Authenticating with Tokens

In order to authenticate to the API, you have to pass an authentication token. The token can be passed in two ways:

Query Parameter

Pass the token in the access_token query parameter: ?access_token=<token>

?access_token=eyJh...KmUk

Authorization Header

Pass the token in the Authorization header: Authorization: Bearer <token>

Authorization: Bearer eyJh...KmUk

Types of Tokens

There are two types of tokens that can be used to authenticate within Directus:

Temporary Token (JWT)

These are the tokens as returned by the login endpoint/mutation. These tokens have a relatively short expiration time, and are thus the most secure option to use. The tokens are returned with a refresh_token that can be used to retrieve a new access token via the refresh endpoint/mutation.

Static Token

Each user can have one static token that will never expire. This is useful for server-to-server communication, but is also less secure than the JWT token. This token is saved to the database (directus_users.token) in plain-text.

::: tip Retrieving a Token

Looking for how to get an access token? See the login endpoint/mutation.

:::

Reference in New Issue View Git Blame Copy Permalink