Authentication
The Bespot API supports both Basic Authentication and JWT Authentication over HTTPS. While both authentication methods are supported, API consumers are strongly advised to use the JWT method to authenticate. To consume any resource, the Authorization HTTP header is required.
Basic Authentication
To consume an endpoint using Basic Authentication, the Authorization HTTP header should be filled with the string Basic followed by the available credentials encoded in Base64 format.
Authorization: Basic BASE64_ENCODED_CREDENTIALS
JWT Authentication
Before consuming any endpoint, each client needs to authenticate with the API by providing its authentication credentials. If the authentication is successful, a JWT access token is provided. This token can then be used in each subsequent API request to authorise the client to access the resource.
GET JWT ACCESS TOKEN
See below the details of the authentication request to acquire the JWT access token.
Resource [POST]
[/auth/jwt/token/]
Request
{
"username": "test-username",
"password": "test-password"
}
Response
{
"access": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiZ2VydGdlIiwiSXNzdWVyIjoiZHNmIiwiVXNlcm5hbWUiOiJkZnNmZHMiLCJleHAiOjE3MDgwNzgwNTIsImlhdCI6MTcwODA3ODA1Mn0.QzC_fwqMsWUJS9VBiqLt_PJnQaCLnOI3B-xOEdK6Ops",
"refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTcwODA3ODA1MiwiaWF0IjoxNzA4MDc4MDUyfQ.qozYevTJz7iZ6968OxGXSE4Ll3ePS027zQqFWZZUTnk"
}
Example cURL
curl --location 'https://api.staging.bespot.dev/api/auth/jwt/token/' \
--header 'Content-Type: application/json' \
--data '{ "username": "test-username", "password": "test-password" } '
ACCESSING API RESOURCES
If the client is authenticated successfully, a JWT access token and a refresh token are returned. To consume an endpoint using JWT Authentication, the Authorization HTTP header should be filled with the acquired JWT access token prefixed with the string Bearer.
Authorization: Bearer JWT_ACCESS_TOKEN
REFRESH JWT ACCESS TOKEN
JWT access tokens expire for security purposes. When that happens, the JWT access token is invalidated and a new one should be acquired. To get a new JWT access token, the client can use the refresh token provided in the /auth/jwt/token/ response. See below the details of the authentication request.
Resource [POST]
[/auth/jwt/token/refresh/]
Request
{
"refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTcwODA3ODA1MiwiaWF0IjoxNzA4MDc4MDUyfQ.qozYevTJz7iZ6968OxGXSE4Ll3ePS027zQqFWZZUTnk"
}
Response
{
"access": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiZ2VydGdlZmRzZGZzIiwiSXNzdWVyIjoiSXNzdWVyIiwiVXNlcm5hbWUiOiJkZnNkZmZkZnNmZHMiLCJleHAiOjE3MDgwNzkwNjUsImlhdCI6MTcwODA3OTA2NX0.SmcSysBMGLpUzgoBhyw7XjfLw4RYYuk7K5cAPcjdcxs",
"refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiZ2VydGdlZmRzZGZzIiwiSXNzdWVyIjoiZHNmcmVncmdlciIsIlVzZXJuYW1lIjoiZGZzZGZmZGZzZmRzIiwiZXhwIjoxNzA4MDc5MDY1LCJpYXQiOjE3MDgwNzkwNjV9.IR93o7o3OfU5mSYts4i025D4rDMLPhkVe4UMhuZMzek"
}
Example cURL
curl --location 'https://api.staging.bespot.dev/api/auth/jwt/token/refresh/' \
--header 'Content-Type: application/json' \
--data '{
"refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTcwODA3ODA1MiwiaWF0IjoxNzA4MDc4MDUyfQ.qozYevTJz7iZ6968OxGXSE4Ll3ePS027zQqFWZZUTnk"
}'
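The access/refresh cycle described above, as an added example that is not part of the Bespot documentation or client code: it reads the exp claim of each token to decide whether to send the access token, call /auth/jwt/token/refresh/, or authenticate again. The function names, the 30-second skew margin and the fallback to /auth/jwt/token/ once the refresh token has also expired are assumptions.

```python
import base64
import json
import time

# Sample access token copied from the /auth/jwt/token/ response on this page.
SAMPLE_ACCESS = (
    "eyJhbGciOiJIUzI1NiJ9."
    "eyJSb2xlIjoiZ2VydGdlIiwiSXNzdWVyIjoiZHNmIiwiVXNlcm5hbWUiOiJkZnNmZHMi"
    "LCJleHAiOjE3MDgwNzgwNTIsImlhdCI6MTcwODA3ODA1Mn0."
    "QzC_fwqMsWUJS9VBiqLt_PJnQaCLnOI3B-xOEdK6Ops"
)

def jwt_claims(token):
    """Decode a JWT payload WITHOUT verifying the signature.

    Good enough for scheduling a refresh on the client; never use the
    result for a trust decision, which is the server's job.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))

def sample_token(exp):
    """Build a constructed, JWT-shaped string (fake signature) for offline runs."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "HS256"}), seg({"exp": exp}), "constructed"])

def next_action(access, refresh, now=None, skew=30):
    """Return 'use_access', 'refresh' or 'login' for the current token pair."""
    now = time.time() if now is None else now

    def live(token):
        try:
            return jwt_claims(token)["exp"] - skew > now
        except (ValueError, KeyError, TypeError):
            return False  # malformed token or missing exp: treat as expired

    if live(access):
        return "use_access"   # send Authorization: Bearer <access>
    if live(refresh):
        return "refresh"      # POST /auth/jwt/token/refresh/
    return "login"            # assumption: POST /auth/jwt/token/ with credentials

def auth_header(access):
    return {"Authorization": "Bearer " + access}
```

Keep both tokens out of logs and error messages; the refresh token in particular can mint new access tokens until it expires.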