* Add Quickstart Guide
* Update installation
* Remove unused files
* Update support/backing
* Tweaks in concepts
* Setup file structure for API reference 2.0
* Setup page layout for reference
* Add clean-urls plugin
* getting started updates
* Finish authentication rest
* getting started updates
* Render stylus in 2 spaces
* Various
* Various
* Finish activity docs
* Add collections reference
* Add extension reference
* concepts updates
* Fields/tweaks
* Add files doc
* Add revisions
* concepts docs
* More api reference
* Finish rest api reference (finally)
* initial concepts
* More things
* Add assets api ref
* Move sections from file to assets
* Add environment variables
* contributing docs
* Add field transforms page
* Left align table headers
* concept links
* Add API config
* Fix mobile nav
* Add migrating a project
* doc link fixes

Co-authored-by: Ben Haynes <ben@rngr.org>
Authentication
By default, all data in the system is off-limits for unauthenticated users. To gain access to protected data, you must include an access token with every request, or configure permissions for the public role.
Tokens
In order to authenticate to the API, you have to pass an authentication token. The token can be passed in two ways:
Query Parameter
Pass the token in the access_token query parameter: ?access_token=<token>
Authorization Header
Pass the token in the Authorization header: Authorization: Bearer <token>
// Query Param
?access_token=eyJh...KmUk
// Header
Authorization: Bearer eyJh...KmUk
Types
There are two types of tokens that can be used within Directus:
Temporary Token (JWT)
These are the tokens as returned by the /auth/login endpoint. These tokens have a relatively short expiration time, and are thus the most secure option to use. The tokens are returned with a refresh_token that can be used to retrieve a new access token through the /auth/refresh endpoint.
Static Token
Each user can have one static token that will never expire. This is useful for server-to-server communication, but is also less secure than the JWT token.
::: tip Retrieving a Token
This token can be retrieved through the login endpoint.
:::
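
Because the query-parameter form puts the token in the URL, it can end up in web-server and proxy access logs. The following added example (not part of the Directus documentation) redacts `access_token` values from log lines and labels each leaked token as a live or expired temporary JWT or as a static token. The log lines, the `/items/...` paths, the label names and the assumption that any non-JWT value is a static token are constructed for illustration.

```python
import base64
import json
import re
from urllib.parse import unquote

# Matches the query-parameter form from this page: ?access_token=<token>
TOKEN_RE = re.compile(r'([?&]access_token=)([^&\s"]+)')

def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) if token decodes as a JWT, else None."""
    parts = token.split(".")
    if len(parts) != 3:
        return None
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    return exp if isinstance(exp, (int, float)) else None

def classify(token, now):
    """Label a leaked token so responders know how urgent the cleanup is."""
    exp = jwt_expiry(token)
    if exp is None:
        return "static"  # assumption: non-JWT means a never-expiring static token
    return "jwt-live" if exp > now else "jwt-expired"

def scrub_line(line, now):
    """Redact tokens in one log line; return (clean_line, [labels])."""
    labels = []
    def redact(match):
        labels.append(classify(unquote(match.group(2)), now))
        return match.group(1) + "REDACTED"
    return TOKEN_RE.sub(redact, line), labels

def sample_jwt(exp):
    """Constructed demo token with a dummy signature; not a real credential."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "HS256", "typ": "JWT"}), enc({"exp": exp}), "c2ln"])

if __name__ == "__main__":
    now = 1_700_000_000  # fixed clock so the demo is repeatable
    log = [  # constructed access-log lines
        f'10.0.0.5 "GET /items/articles?access_token={sample_jwt(now + 900)} HTTP/1.1" 200',
        '10.0.0.9 "GET /items/orders?limit=5&access_token=constructed-static-token HTTP/1.1" 200',
    ]
    for entry in log:
        print(scrub_line(entry, now))
```

A `static` or `jwt-live` label means the logged credential is still usable and should be replaced. Passing the token in the Authorization header keeps it out of the request URL.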