Developer / Reference / HTTP API

Authentication

Last updated on 16-Mar-2021 by Jakob Jakobsen Boysen
Jakob Jakobsen Boysen

Platform Lead
boysen@scifeon.com
On this page

If you are integrating directly with the Scifeon HTTP API it is recommended to use the PAT authentication method. For implementations with low security requirements, such as scripts and bots, it is also possible to use Basic authentication method.

Scifeon itself uses cookie-based authentication in the browser, so you can call the HTTP API from TypeScript on the page and rely on the authentication that the browser has established.

Personal Access Token (PAT)

This token can either by short-lived or long-lived.

Short-lived

The short-lived token is retrieved by requesting a token using the username and password:

POST https://{host}/api/auth/login

Request:
{
   "username": "string",
   "password": "string"
}

Response:
{
   "accessToken": "string"
}
Copy

The accessToken is valid for 20 minutes and can be used like this:

curl -D- \
   -X GET \
   -H "Authorization: Bearer accessToken" \
   -H "Content-Type: application/json" \
   "https://your-domain.scifeon.cloud/api/entity/experiment/EX00001"
CopycURL

Long-lived

The long-lived token is generated in Scifeon here:

  1. Open your user profile: go to https://your-domain.scifeon.cloud/#/user/profile
  2. Click "New PAT" and copy the PAT generated and shown in the dialog (starts with PAT).
  3. Build a string of the form username:pat, e.g. support@scifeon.com:PAT... where the dots are the key generated.
  4. Base64 encode the string.
  5. Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:PATrandomKey encodes to ZnJlZDpQQVRyYW5kb21LZXk= in base64, so you would make the request as follows:
curl -D- \
   -X GET \
   -H "Authorization: Basic ZnJlZDpQQVRyYW5kb21LZXk=" \
   -H "Content-Type: application/json" \
   "https://your-domain.scifeon.cloud/api/entity/experiment/EX00001"
CopycURL

Basic authentication

Basic authentication works just as you would expect:

  1. Build a string of the form username:password
  2. Base64 encode the string.
  3. Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:fred encodes to ZnJlZDpmcmVk in base64, so you would make the request as follows:
curl -D- \
   -X GET \
   -H "Authorization: Basic ZnJlZDpmcmVk" \
   -H "Content-Type: application/json" \
   "https://your-domain.scifeon.cloud/api/entity/experiment/EX00001"
CopycURL
On this page