Authentication

All endpoints under the Nebula Block API require user authentication to validate a user's identity and to know whose resources to access/create/alter/delete. For authentication, there are two options:

Regardless of the method, Bearer authentication is used and requires the following header be specified in an HTTP request:

Authorization: Bearer <token/key>

Access Tokens

Access tokens are obtained by logging in with a username and password via the login endpoint, and retrieving the jwtToken field in the response body. Once obtained, the following authorization header can be specified in each request:

Authorization: Bearer <access_token>

For example:

Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJiZWJlZXJtaW5nQDEyNi5jb20iLCJyb2xlcyI6WyJHVUVTVCJdLCJleHAiOjE3MzAzOTM5NTMsInNjb3BlcyI6WyJHVUVTVCJdfQ.IVMMITYihqkMszTo_x7uP6gocxgN5RLfLZiJY8VqEyk

NOTE: Access tokens expire after 2 hours, in which case you need to log in again to get a new access token

API Keys

API keys can also be used to authenticate requests. The benefit of using an API key is that there is no expiration date, so you can use them without authenticating often. To learn how to create and manage API keys, see the API Key Section Documentation. Once an API key is obtained, the following authorization header can be specified in each request:

Authorization: Bearer <api_key>

For example:

Authorization: Bearer ak_W4KL0Rw8Rv6Mp7h7fY77dFgHDl_EMAojslklxhMI9-0

INFO: API keys are always prefixed with ak_. The prefix is how they are differentiated from access tokens.

Login

HTTP Request

POST {API_URL}/login

Body Parameters

Parameters
Requirements
Type
Description

username

Required

string

Login username/email

password

Required

string

Login password

Response Attributes

data dict

A dictionary that contains the access token (jwtToken)

status string

Indicates the result of the request to log in. success signifies success, while failed indicates an error.

message string

A description of the status of the request.

Example

Request

curl -X POST '{API_URL}/login' \
-H 'Content-Type: application/x-www-form-urlencoded' \
-d '{
    "username": "[email protected]",
    "password": "123456789",
}'

Response

{
    "data": {
        "id": 18,
        "name": "Test User",
        "email": "[email protected]",
        "is_staff": false,
        "is_active": true,
        "jwtToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiJhZG1pbkBnbWFpbC5jb20iLCJyb2xlcyI6WyJBRE1JTiJdLCJleHAiOjE3MzA3NTg2MzYsInNjb3BlcyI6WyJBRE1JTiJdfQ.QwXYFII5y_V_9bIRQ3R-9W-jATjHa2yfklLaTQzVwS8"
    },
    "message": "Login successful",
    "status": "success"
}

Last updated