oceanprotocol/docs
1
0
Fork 0
mirror of https://github.com/oceanprotocol/docs.git synced 2024-11-01 15:55:34 +01:00
Code Releases Activity
d24b9dc838
docs/developers/provider/authentication-endpoints.md

3.1 KiB
Raw Blame History

Authentication Endpoints

Provider offers an alternative to signing each request, by allowing users to generate auth tokens. The generated auth token can be used until its expiration in all supported requests. Simply omit the signature parameter and add the AuthToken request header based on a created token.

Please note that if a signature parameter exists, it will take precedence over the AuthToken headers. All routes that support a signature parameter support the replacement, with the exception of auth-related ones (createAuthToken and deleteAuthToken need to be signed).

Create Auth Token

Endpoint: GET /api/services/createAuthToken

Description: Allows the user to create an authentication token that can be used to authenticate requests to the provider API, instead of signing each request. The generated auth token can be used until its expiration in all supported requests.

Parameters:

  • address: The Ethereum address of the consumer (Optional).
  • nonce: A unique identifier for this request, to prevent replay attacks (Required).
  • signature: A digital signature proving ownership of the address. The signature should be generated by signing the hashed concatenation of the address and nonce parameters (Required).
  • expiration: A valid future UTC timestamp representing when the auth token will expire (Required).

Curl Example:

GET /api/services/createAuthToken?address=<your_address>&&nonce=<your_nonce>&&expiration=<expiration>&signature=<your_signature>

Inside the angular brackets, the user should provide the valid values for the request.

Response:

{"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJleHAiOjE2NjAwNTMxMjksImFkZHJlc3MiOiIweEE3OGRlYjJGYTc5NDYzOTQ1QzI0Nzk5MTA3NUUyYTBlOThCYTdBMDkifQ.QaRqYeSYxZpnFayzPmUkj8TORHHJ_vRY-GL88ZBFM0o"}

Javascript Example:

const axios = require('axios');
const address = "0x7e2a2FA2a064F693f0a55C5639476d913Ff12D05"
const nonce = 1
const signature 
const url = `https://provider.oceanprotocol.com/api/services/createAuthToken?address=${address}&nonce=${nonce}&expiration=<expiration>&signature=<your_signature>`;
axios.get(url).then(response => {
  console.log(response.data);
}).catch(error => {
  console.error(error);
});

Delete Auth Token

DELETE /api/services/deleteAuthToken

Allows the user to delete an existing auth token before it naturally expires.

Parameters

address: String object containing consumer's address (optional)
nonce: Integer, Nonce (required)
signature: String object containg user signature (signed message)
  The signature is based on hashing the following parameters:
  address + nonce
token: token to be expired

Returns: Success message if token is successfully deleted. If the token is not found or already expired, returns an error message.

Example:

DELETE /api/services/deleteAuthToken?address=<your_address>&&nonce=<your_nonce>&&token=<your_token>&signature=<your_signature>

Inside the angular brackets, the user should provide the valid values for the request.

Response:

{"success": "Token has been deactivated."}