docs/developers/provider/authentication-endpoints.md

# Authentication Endpoints

Provider offers an alternative to signing each request, by allowing users to generate auth tokens. The generated auth token can be used until its expiration in all supported requests. Simply omit the signature parameter and add the AuthToken request header based on a created token.

Please note that if a signature parameter exists, it will take precedence over the AuthToken headers. All routes that support a signature parameter support the replacement, with the exception of auth-related ones (createAuthToken and deleteAuthToken need to be signed).

### Create Auth Token

**Endpoint:** `GET /api/services/createAuthToken`

**Description:** Allows the user to create an authentication token that can be used to authenticate requests to the provider API, instead of signing each request. The generated auth token can be used until its expiration in all supported requests.

**Parameters:**

* `address`: The Ethereum address of the consumer (Optional).
* `nonce`: A unique identifier for this request, to prevent replay attacks (Required).
* `signature`: A digital signature proving ownership of the `address`. The signature should be generated by signing the hashed concatenation of the `address` and `nonce` parameters (Required).
* `expiration`: A valid future UTC timestamp representing when the auth token will expire (Required).

**Curl Example:**

{% code overflow="wrap" %}
```
GET /api/services/createAuthToken?address=<your_address>&&nonce=<your_nonce>&&expiration=<expiration>&signature=<your_signature>
```
{% endcode %}

Inside the angular brackets, the user should provide the valid values for the request.

Response:

{% code overflow="wrap" %}
```
{"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NjAwNTMxMjksImFkZHJlc3MiOiIweEE3OGRlYjJGYTc5NDYzOTQ1QzI0Nzk5MTA3NUUyYTBlOThCYTdBMDkifQ.QaRqYeSYxZpnFayzPmUkj8TORHHJ_vRY-GL88ZBFM0o"}
```
{% endcode %}

#### Javascript Example:

```runkit  nodeVersion="18.x.x"
const axios = require('axios');
const address = "0x7e2a2FA2a064F693f0a55C5639476d913Ff12D05"
const nonce = "1"
const signature = ""
const url = `http://provider.oceanprotocol.com/api/services/createAuthToken?address=${address}&nonce=${nonce}&expiration=<expiration>&signature=<your_signature>`;
axios.get(url).then(response => {
  console.log(response.data);
}).catch(error => {
  console.error(error);
});

```

#### Delete Auth Token

#### DELETE /api/services/deleteAuthToken

Allows the user to delete an existing auth token before it naturally expires.

Parameters

```
address: String object containing consumer's address (optional)
nonce: Integer, Nonce (required)
signature: String object containg user signature (signed message)
  The signature is based on hashing the following parameters:
  address + nonce
token: token to be expired
```

Returns: Success message if token is successfully deleted. If the token is not found or already expired, returns an error message.

#### Javascript Example:

{% code overflow="wrap" %}
```javascript
const axios = require('axios');

// Define the address, token, and signature
const address = '<your_address>';  // Replace with your address
const token = '<your_token>';  // Replace with your token
const signature = '<your_signature>';  // Replace with your signature

// Define the URL for the deleteAuthToken endpoint
const deleteAuthTokenURL = 'http://<provider_url>/api/services/deleteAuthToken';  // Replace with your provider's URL

// Make the DELETE request
axios.delete(deleteAuthTokenURL, {
    data: {
        address: address,
        token: token
    },
    headers: {
        'Content-Type': 'application/json',
        'signature': signature
    }
})
.then(response => {
    console.log(response.data);
})
.catch(error => {
    console.log('Error:', error);
});

```
{% endcode %}

Replace `<provider_url>`, `<your_address>`, `<your_token>`, and `<your_signature>` with actual values. This script sends a DELETE request to the `deleteAuthToken` endpoint and logs the response. Please ensure that `axios` is installed in your environment (`npm install axios`).

#### Example Response:

```
{"success": "Token has been deactivated."}
```
GITBOOK-235: change request with no subject merged in GitBook 2023-05-23 15:20:36 +02:00			`# Authentication Endpoints`

GITBOOK-259: change request with no subject merged in GitBook 2023-05-23 21:29:23 +02:00			`Provider offers an alternative to signing each request, by allowing users to generate auth tokens. The generated auth token can be used until its expiration in all supported requests. Simply omit the signature parameter and add the AuthToken request header based on a created token.`
Updating provider content 2023-05-23 15:29:55 +02:00
			`Please note that if a signature parameter exists, it will take precedence over the AuthToken headers. All routes that support a signature parameter support the replacement, with the exception of auth-related ones (createAuthToken and deleteAuthToken need to be signed).`

GITBOOK-259: change request with no subject merged in GitBook 2023-05-23 21:29:23 +02:00			`### Create Auth Token`

GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			Endpoint: `GET /api/services/createAuthToken`
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			`Description: Allows the user to create an authentication token that can be used to authenticate requests to the provider API, instead of signing each request. The generated auth token can be used until its expiration in all supported requests.`
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			`Parameters:`
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			* `address`: The Ethereum address of the consumer (Optional).
			* `nonce`: A unique identifier for this request, to prevent replay attacks (Required).
			* `signature`: A digital signature proving ownership of the `address`. The signature should be generated by signing the hashed concatenation of the `address` and `nonce` parameters (Required).
			* `expiration`: A valid future UTC timestamp representing when the auth token will expire (Required).
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			`Curl Example:`
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-604: Fix subgraph python scripts 2023-06-23 13:30:54 +02:00			`{% code overflow="wrap" %}`
Updating provider content 2023-05-23 15:29:55 +02:00			```
			`GET /api/services/createAuthToken?address=<your_address>&&nonce=<your_nonce>&&expiration=<expiration>&signature=<your_signature>`
			```
GITBOOK-604: Fix subgraph python scripts 2023-06-23 13:30:54 +02:00			`{% endcode %}`
Updating provider content 2023-05-23 15:29:55 +02:00
			`Inside the angular brackets, the user should provide the valid values for the request.`

			`Response:`

GITBOOK-604: Fix subgraph python scripts 2023-06-23 13:30:54 +02:00			`{% code overflow="wrap" %}`
Updating provider content 2023-05-23 15:29:55 +02:00			```
			`{"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NjAwNTMxMjksImFkZHJlc3MiOiIweEE3OGRlYjJGYTc5NDYzOTQ1QzI0Nzk5MTA3NUUyYTBlOThCYTdBMDkifQ.QaRqYeSYxZpnFayzPmUkj8TORHHJ_vRY-GL88ZBFM0o"}`
			```
GITBOOK-604: Fix subgraph python scripts 2023-06-23 13:30:54 +02:00			`{% endcode %}`
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			`#### Javascript Example:`

			```runkit nodeVersion="18.x.x"
			`const axios = require('axios');`
			`const address = "0x7e2a2FA2a064F693f0a55C5639476d913Ff12D05"`
GITBOOK-328: change request with no subject merged in GitBook 2023-05-26 15:33:34 +02:00			`const nonce = "1"`
			`const signature = ""`
			const url = `http://provider.oceanprotocol.com/api/services/createAuthToken?address=${address}&nonce=${nonce}&expiration=<expiration>&signature=<your_signature>`;
GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			`axios.get(url).then(response => {`
			`console.log(response.data);`
			`}).catch(error => {`
			`console.error(error);`
			`});`
GITBOOK-328: change request with no subject merged in GitBook 2023-05-26 15:33:34 +02:00
GITBOOK-267: change request with no subject merged in GitBook 2023-05-24 14:51:10 +02:00			```

GITBOOK-259: change request with no subject merged in GitBook 2023-05-23 21:29:23 +02:00			`#### Delete Auth Token`

Updating provider content 2023-05-23 15:29:55 +02:00			`#### DELETE /api/services/deleteAuthToken`

			`Allows the user to delete an existing auth token before it naturally expires.`

			`Parameters`

			```
			`address: String object containing consumer's address (optional)`
			`nonce: Integer, Nonce (required)`
			`signature: String object containg user signature (signed message)`
			`The signature is based on hashing the following parameters:`
			`address + nonce`
			`token: token to be expired`
			```

			`Returns: Success message if token is successfully deleted. If the token is not found or already expired, returns an error message.`

GITBOOK-331: Adding javascript code example for /deleteAuthToken 2023-05-26 16:14:37 +02:00			`#### Javascript Example:`
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-604: Fix subgraph python scripts 2023-06-23 13:30:54 +02:00			`{% code overflow="wrap" %}`
			```javascript
GITBOOK-331: Adding javascript code example for /deleteAuthToken 2023-05-26 16:14:37 +02:00			`const axios = require('axios');`

			`// Define the address, token, and signature`
			`const address = '<your_address>'; // Replace with your address`
			`const token = '<your_token>'; // Replace with your token`
			`const signature = '<your_signature>'; // Replace with your signature`

			`// Define the URL for the deleteAuthToken endpoint`
			`const deleteAuthTokenURL = 'http://<provider_url>/api/services/deleteAuthToken'; // Replace with your provider's URL`

			`// Make the DELETE request`
			`axios.delete(deleteAuthTokenURL, {`
			`data: {`
			`address: address,`
			`token: token`
			`},`
			`headers: {`
			`'Content-Type': 'application/json',`
			`'signature': signature`
			`}`
			`})`
			`.then(response => {`
			`console.log(response.data);`
			`})`
			`.catch(error => {`
			`console.log('Error:', error);`
			`});`

Updating provider content 2023-05-23 15:29:55 +02:00			```
GITBOOK-604: Fix subgraph python scripts 2023-06-23 13:30:54 +02:00			`{% endcode %}`
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-331: Adding javascript code example for /deleteAuthToken 2023-05-26 16:14:37 +02:00			Replace `<provider_url>`, `<your_address>`, `<your_token>`, and `<your_signature>` with actual values. This script sends a DELETE request to the `deleteAuthToken` endpoint and logs the response. Please ensure that `axios` is installed in your environment (`npm install axios`).
Updating provider content 2023-05-23 15:29:55 +02:00
GITBOOK-331: Adding javascript code example for /deleteAuthToken 2023-05-26 16:14:37 +02:00			`#### Example Response:`
Updating provider content 2023-05-23 15:29:55 +02:00
			```
			`{"success": "Token has been deactivated."}`
			```