
Secure endpoints

Secure endpoints are only accessible to authenticated users. This means that users need to log in before making a request to these endpoints.

These endpoints expect a valid Access token. The login request can return the Access token in two ways. By default, it sends the Access token in an httpOnly cookie. If the noATCookie parameter is used during login, the Access token is returned in the Authorization header instead.

If you are using the httpOnly cookie, you need to set the credentials flag in the request options (withCredentials: true in axios, credentials: 'include' in fetch) so that the token is included in the request.

Login

// using axios
axios({
  method: 'POST',
  url: 'https://app.rested.dev/api/1/ce/examples/auth?key=d59eb2859c284168ac48aef65046d5dd&login=true',
  withCredentials: true, // on a cross-origin call the browser only stores the response cookie when this is set
  data: { username: 'username', password: 'password' } // login credentials
});

// using fetch
fetch('https://app.rested.dev/api/1/ce/examples/auth?key=d59eb2859c284168ac48aef65046d5dd&login=true', {
  method: 'POST',
  credentials: 'include', // on a cross-origin call the browser only stores the response cookie when this is set
  headers: {
    'Accept': 'application/json',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ username: 'username', password: 'password' }) // user credentials
});

Accessing a secure endpoint

// using axios
axios({
  method: 'GET',
  url: 'https://app.rested.dev/api/1/ce/secure-endpoint?key=d59eb2859c284168ac48aef65046d5dd',
  withCredentials: true
});

// using fetch
fetch('https://app.rested.dev/api/1/ce/secure-endpoint?key=d59eb2859c284168ac48aef65046d5dd', {
  credentials: 'include',
  method: 'GET',
});

Example using Authorization header

Login

let authorizationHeader; // you need to store the Access Token somewhere

// using axios (noATCookie)
axios({
  method: 'POST',
  url: 'https://app.rested.dev/api/1/ce/examples/auth?key=d59eb2859c284168ac48aef65046d5dd&login=true&noATCookie=true',
  data: { username: 'username', password: 'password' } // login credentials
})
  .then((response) => {
    if (response.headers.authorization) {
      authorizationHeader = response.headers.authorization;
    }
  });

// using fetch (noATCookie)
fetch('https://app.rested.dev/api/1/ce/examples/auth?key=d59eb2859c284168ac48aef65046d5dd&login=true&noATCookie=true', {
  method: 'POST',
  headers: {
    'Accept': 'application/json',
    'Content-Type': 'application/json'
  },
  body: JSON.stringify({ username: 'username', password: 'password' }) // user credentials
})
  .then((response) => {
    if (response.headers.get('authorization')) {
      authorizationHeader = response.headers.get('authorization');
    }
  });

Accessing a secure endpoint

// using axios
axios({
  method: 'GET',
  url: 'https://app.rested.dev/api/1/ce/secure-endpoint?key=d59eb2859c284168ac48aef65046d5dd',
  headers: {
    Authorization: authorizationHeader
  }
});

// using fetch
fetch('https://app.rested.dev/api/1/ce/secure-endpoint?key=d59eb2859c284168ac48aef65046d5dd', {
  credentials: 'include',
  method: 'GET',
  headers: {
    'Authorization': authorizationHeader
  }
});
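
Putting the Authorization header flow together

The following wrapper is an added example, not code from the rested.dev documentation. It shows one way to handle the "store the Access Token somewhere" step: the token is kept in a closure variable and is attached only to requests whose origin is the API's. The names createSecureClient, login, get and logout are hypothetical, and fetchImpl is an injectable parameter so the code can run against a stub.

```javascript
// Added example: hypothetical wrapper, not part of the rested.dev docs.
const API_ORIGIN = 'https://app.rested.dev';
const API_KEY = 'd59eb2859c284168ac48aef65046d5dd'; // example key used on this page

function createSecureClient(fetchImpl = fetch) {
  let accessToken = null; // held in closure memory only (a choice of this example)

  async function login(username, password) {
    const url = `${API_ORIGIN}/api/1/ce/examples/auth?key=${API_KEY}&login=true&noATCookie=true`;
    const response = await fetchImpl(url, {
      method: 'POST',
      headers: { 'Accept': 'application/json', 'Content-Type': 'application/json' },
      body: JSON.stringify({ username, password })
    });
    const token = response.headers.get('authorization');
    if (!response.ok || !token) {
      accessToken = null;
      throw new Error('Login failed: no Access token in the Authorization header');
    }
    accessToken = token;
  }

  async function get(path) {
    if (!accessToken) throw new Error('Not logged in');
    const url = new URL(path, API_ORIGIN);
    // Absolute or protocol-relative URLs could point elsewhere; never send the token there.
    if (url.origin !== API_ORIGIN) {
      throw new Error(`Refusing to send the Access token to ${url.origin}`);
    }
    url.searchParams.set('key', API_KEY);
    return fetchImpl(url.toString(), {
      method: 'GET',
      headers: { Authorization: accessToken }
    });
  }

  function logout() {
    accessToken = null; // drop the token so later calls fail closed
  }

  return { login, get, logout };
}
```

In a browser, call createSecureClient() with no argument to use the built-in fetch, then client.login(...) followed by client.get('/api/1/ce/secure-endpoint').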