OpenDroneMap-WebODM/slate/source/includes/reference/_authentication.md

# Reference

## Authentication

### Authentication Basics

> Get authentication token:

```bash
curl -X POST -d "username=testuser&password=testpass" http://localhost:8000/api/token-auth/

{"token":"eyJ0eXAiO..."}
```

> Use authentication token:

```bash
curl -H "Authorization: JWT <your_token>" http://localhost:8000/api/projects/

{"count":13, ...}
```

> Use authentication token via querystring (less secure):

```bash
curl http://localhost:8000/api/projects/?jwt=<your_token>

{"count":13, ...}
```


`POST /api/token-auth/`

Field | Type | Description
----- | ---- | -----------
username | string | Username
password | string | Password

To access the API, you need to provide a valid username and password. You can create users from WebODM's Administration page.

If authentication is successful, you will be issued a token. All API calls should include the following header:

Header |
------ |
Authorization: JWT `your_token` |

The token expires after a set amount of time. See [Token Expiration](#token-expiration) for more information.

Since applications sometimes do not allow headers to be modified, you can also authenticate by appending the `jwt` querystring parameter to a protected URL. This is less secure, so pass the token via header if possible.


### Token Expiration

The token expires after a set amount of time. The expiration time is dependent on WebODM's settings. You will need to request another token when a token expires.

You know that a token has expired if any call to an API returns a `403` status code with the JSON body `{'detail': 'Signature has expired.'}`.
Reorganized docs in subdocuments, started writing first example, quickstart 2017-02-14 02:13:23 +00:00			`# Reference`

			`## Authentication`

Added projects endpoint docs, error status codes, token expiration description 2017-08-31 21:51:52 +00:00			`### Authentication Basics`

Reorganized docs in subdocuments, started writing first example, quickstart 2017-02-14 02:13:23 +00:00			`> Get authentication token:`

			```bash
			`curl -X POST -d "username=testuser&password=testpass" http://localhost:8000/api/token-auth/`

			`{"token":"eyJ0eXAiO..."}`
			```

			`> Use authentication token:`

			```bash
			`curl -H "Authorization: JWT <your_token>" http://localhost:8000/api/projects/`

			`{"count":13, ...}`
			```

Added JWT token passing via querystring 2017-04-10 21:19:04 +00:00			`> Use authentication token via querystring (less secure):`

			```bash
			`curl http://localhost:8000/api/projects/?jwt=<your_token>`

			`{"count":13, ...}`
			```


Reorganized docs in subdocuments, started writing first example, quickstart 2017-02-14 02:13:23 +00:00			`POST /api/token-auth/`

			`Field \| Type \| Description`
			`----- \| ---- \| -----------`
			`username \| string \| Username`
			`password \| string \| Password`

			`To access the API, you need to provide a valid username and password. You can create users from WebODM's Administration page.`

			`If authentication is successful, you will be issued a token. All API calls should include the following header:`

			`Header \|`
			`------ \|`
			Authorization: JWT `your_token` \|

Added projects endpoint docs, error status codes, token expiration description 2017-08-31 21:51:52 +00:00			`The token expires after a set amount of time. See [Token Expiration](#token-expiration) for more information.`
Added JWT token passing via querystring 2017-04-10 21:19:04 +00:00
			Since applications sometimes do not allow headers to be modified, you can also authenticate by appending the `jwt` querystring parameter to a protected URL. This is less secure, so pass the token via header if possible.
Added projects endpoint docs, error status codes, token expiration description 2017-08-31 21:51:52 +00:00

			`### Token Expiration`

			`The token expires after a set amount of time. The expiration time is dependent on WebODM's settings. You will need to request another token when a token expires.`

			You know that a token has expired if any call to an API returns a `403` status code with the JSON body `{'detail': 'Signature has expired.'}`.