Skip to content
Scifeon logo Scifeon Documentation

Authentication

If you are integrating directly with the Scifeon HTTP API it is recommended to use the PAT authentication method. For implementations with low security requirements, such as scripts and bots, it is also possible to use Basic authentication method.

Scifeon itself uses cookie-based authentication in the browser, so you can call the HTTP API from TypeScript on the page and rely on the authentication that the browser has established.

Personal Access Token (PAT)

Section titled “Personal Access Token (PAT)”

This token can either by short-lived or long-lived.

Short-lived

Section titled “Short-lived”

The short-lived token is retrieved by requesting a token using the username and password:

POST https://{host}/api/auth/login


Request:
{
   "username": "string",
   "password": "string"
}


Response:
{
   "accessToken": "string"
}

The accessToken is valid for 20 minutes and can be used like this:

curl -D- \
   -X GET \
   -H "Authorization: Bearer accessToken" \
   -H "Content-Type: application/json" \
   "https://your-domain.scifeon.cloud/api/entity/experiment/EX00001"

Long-lived

Section titled “Long-lived”

The long-lived token is generated in Scifeon here:

  1. Open your user profile: go to https://your-domain.scifeon.cloud/#/user/profile
  2. Click “New PAT” and copy the PAT generated and shown in the dialog (starts with PAT).
  3. Build a string of the form username:pat, e.g. support@scifeon.com:PAT... where the dots are the key generated.
  4. Base64 encode the string.
  5. Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:PATrandomKey encodes to ZnJlZDpQQVRyYW5kb21LZXk= in base64, so you would make the request as follows:
curl -D- \
   -X GET \
   -H "Authorization: Basic ZnJlZDpQQVRyYW5kb21LZXk=" \
   -H "Content-Type: application/json" \
   "https://your-domain.scifeon.cloud/api/entity/experiment/EX00001"

Basic authentication

Section titled “Basic authentication”

Basic authentication works just as you would expect:

  1. Build a string of the form username:password
  2. Base64 encode the string.
  3. Supply an Authorization header with content Basic followed by the encoded string. For example, the string fred:fred encodes to ZnJlZDpmcmVk in base64, so you would make the request as follows:
curl -D- \
   -X GET \
   -H "Authorization: Basic ZnJlZDpmcmVk" \
   -H "Content-Type: application/json" \
   "https://your-domain.scifeon.cloud/api/entity/experiment/EX00001"