Authentication and Security
Access to Squore data using the API is protected by two types of HTTP authentication schemes:
-
Basic, only for the
GET /token
API request. -
Bearer, for all other API requests.
When using a REST client, authentication is done by providing the Authorisation header when making the request.
curl -X GET "http://localhost:8180/api/projects" -H "accept: application/json" -H "Authorization: Bearer <token>"
Squore data access via the API is restricted to users permissions in Squore. Users will not be able to access information that they do not have access to in the Squore’s web interface. |
Retrieve Permanent Token
First type of tokens that can be generated in Squore are permanent tokens, which are generated from the Squore application’s web interface.
To do so, start by clicking your username in the menu bar and select the Account Settings option.
In the Tokens tab enter the name you want to assign to your new permanent token and then click Add.
Once created, the new token will appear in the table below, alongside the others.
Several tokens can be created and be active at the same time. This can be useful, for example if you want to associate a token with an external script that would use the API to retrieve data. |
Permanent tokens have no expiration date. The only way to invalidate them is to revoke them from the Account Settings page, by clicking the Revoke button. |
Retrieve Temporary Token
Second type of tokens in Squore are temporary tokens. They are generated by executing the API request: GET /token
.
By default, temporary tokens expire 24 hours after their creation. They also expire upon a restart of Squore server. The expiration time can be changed from the administration settings. |
To know more about what is an API request and how to execute it, have a look at Using the API sections.
Don’t forget to have a look at API Viewer page. From there you will be able to:
|