Overview

All Squirro API resources are protected: every request must carry credentials in the HTTP Authorization header. The caller either presents a generated user token with HTTP Basic access authentication or presents a bearer token obtained from the token endpoint.

User Token

To authenticate with the Squirro platform the caller needs a user token. That token can be generated on behalf of a specific user by visiting https://squirro.com/app/#settings/api (see Endpoint Mapping for more information). A user token limits the allowed operations to those the corresponding user is permitted to perform.

For regular access to the Squirro API the generated user token is sufficient. Examples of how the generated user token is used are given in the Python SDK Tutorial.

Bearer Token Creation

Instead of sending the generated user token with every request, a short-lived bearer token can be obtained for the corresponding user by issuing the following request.

    from squirro_client import SquirroClient

    # No client identifier or secret is needed for this flow; the user token
    # generated in the settings UI is passed as the refresh token.
    client = SquirroClient(None, None, cluster='https://squirro_endpoint')
    client.authenticate(refresh_token='<user_token>')

Alternatively, a bearer token can be obtained for a username and password by issuing the following request. The client identifier and client secret registered earlier need to be provided (see Registration).

    from squirro_client import SquirroClient

    # Password flow: the registered client credentials identify the application,
    # the username and password identify the user.
    client = SquirroClient(client_id='<client_id>', client_secret='<secret>')
    client.authenticate(username='<user>', password='<pwd>')

An example return value for a successful authentication attempt with the Squirro platform is shown under Create Access Token below. The access token it contains is to be included in every request towards the Squirro API.

in the "API Access" section of the Squirro settings. The resulting user token provides access according to the rights of the user.

Using the Token in the API

In the context of the API the user token is called a refresh token. The refresh token cannot be used directly against the API; instead an access token needs to be generated from it. The access token expires quickly (10 minutes by default), whereas the refresh token is long-lived (it expires after a year by default).

Create Access Token

POST https://squirro-server/api/user/oauth2/token

Log into Squirro using a refresh token.

Form Parameters:
  • grant_type – Set to refresh_token.
  • refresh_token – The user's refresh token.
Headers: See Common Headers.
Status Codes:
  • 404 – Invalid refresh token.
  • 410 – Refresh token expired (e.g. the token was invalidated for security reasons).

See also Common Status Codes.

Returns:

A new user session. The access_token field can be used for further API requests.

The role_permissions field lists the permissions the user has in the tenant; project_permissions lists the permissions that apply to projects.

    {
        "project_permissions": [
            "*",
            "frontend.user"
        ],
        "user_id": "qjsRI0s0XVGli8qPPCjKzw",
        "access_token": "882d9b12cce019ee0137e54beaeea2227db4db3e",
        "session_id": "M9cRgRXUSSOpe_F0YRwdmg",
        "role": "admin",
        "refresh_token": "200…3c3",
        "role_permissions": [
            "admin",
            "profile.write.update",
            "projects.write.create"
        ],
        "tenant": "squirro_demo"
    }

Use Access Token

Each access token expires after ten minutes. The refresh token is used to obtain a new access token. By default the refresh token expires after a year. Because the refresh token is long-lived and grants the full rights of its user, treat it as a secret: store it securely and send it only over HTTPS.

To use the access token with any of the API requests (see Working with Squirro APIs), pass it in the Authorization header with the scheme name Bearer in front of it.

Example HTTP request:

    GET /api/topic/v0/squirro_demo/projects HTTP/1.1
    Host: squirro-server
    Accept: application/json
    Authorization: Bearer 882d9b12cce019ee0137e54beaeea2227db4db3e
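
The complete flow described in this section and under Create Access Token, as an added example that is not code from the Squirro documentation or the Squirro SDK: a small client posts the refresh_token grant to /api/user/oauth2/token, maps the documented 404 and 410 answers to distinct errors, sends the resulting access token as a Bearer header, and re-authenticates and retries once when the access token is rejected. It assumes that a request carrying a rejected access token is answered with 401 (the page does not state this). The HTTP transport is injected, so the FakeSquirro class, the token values and the project response are constructed for the example and the code runs offline.

```python
"""Added example (not Squirro documentation or SDK code): exchange a refresh
token at POST /api/user/oauth2/token, send the access token as
'Authorization: Bearer ...', and re-authenticate and retry once when it is
rejected. The transport is injected so the constructed FakeSquirro runs offline."""
import json
import time
from urllib.parse import parse_qsl, urlencode

ACCESS_TOKEN_LIFETIME = 600  # seconds; the page gives ten minutes as the default


class InvalidRefreshToken(Exception): """Token endpoint answered 404: refresh token not valid."""

class RefreshTokenExpired(Exception): """Token endpoint answered 410: refresh token expired."""


class SquirroTokenClient:
    def __init__(self, cluster, refresh_token, transport, clock=time.monotonic):
        # transport(method, url, headers, body) -> (status, text); injectable for testing
        self.cluster, self._refresh_token = cluster.rstrip("/"), refresh_token
        self._transport, self._clock = transport, clock
        self._access_token, self._expires_at = None, 0.0

    def authenticate(self):
        """Refresh-token grant, form-encoded as the endpoint description requires."""
        form = urlencode({"grant_type": "refresh_token", "refresh_token": self._refresh_token})
        status, text = self._transport("POST", self.cluster + "/api/user/oauth2/token",
                                       {"Content-Type": "application/x-www-form-urlencoded"}, form)
        if status == 404:
            raise InvalidRefreshToken()
        if status == 410:
            raise RefreshTokenExpired()
        if status != 200:
            raise RuntimeError("token endpoint returned %d" % status)
        session = json.loads(text)
        self._access_token = session["access_token"]
        self._expires_at = self._clock() + ACCESS_TOKEN_LIFETIME - 30  # renew a little early
        return session

    def get(self, path):
        """GET an API path with the bearer token, retrying once after a 401."""
        if self._access_token is None or self._clock() >= self._expires_at:
            self.authenticate()
        status, text = self._request(path)
        if status == 401:  # assumption: a rejected access token is answered with 401
            self.authenticate()  # the long-lived refresh token yields a fresh access token
            status, text = self._request(path)
        return status, (json.loads(text) if status == 200 else text)

    def _request(self, path):
        headers = {"Accept": "application/json", "Authorization": "Bearer " + self._access_token}
        return self._transport("GET", self.cluster + path, headers, None)


class FakeSquirro:
    """Constructed stand-in for a cluster; clearing access_tokens simulates expiry."""
    def __init__(self):
        self.valid_refresh = {"constructed-refresh-token": "constructed-user-id"}
        self.expired_refresh = {"constructed-expired-token"}
        self.access_tokens, self.grants = set(), 0  # grants = access tokens issued

    def __call__(self, method, url, headers, body):
        if method == "POST" and url.endswith("/api/user/oauth2/token"):
            form = dict(parse_qsl(body))
            if form.get("grant_type") != "refresh_token":
                return 400, "unsupported_grant_type"
            token = form.get("refresh_token")
            if token in self.expired_refresh:
                return 410, "refresh token expired"
            if token not in self.valid_refresh:
                return 404, "invalid refresh token"
            self.grants += 1
            access = "access-%d" % self.grants
            self.access_tokens.add(access)
            return 200, json.dumps({"access_token": access, "refresh_token": token,
                                    "user_id": self.valid_refresh[token],
                                    "role": "admin", "tenant": "squirro_demo"})
        bearer = headers.get("Authorization", "")
        if not bearer.startswith("Bearer ") or bearer[7:] not in self.access_tokens:
            return 401, "unauthorized"
        return 200, json.dumps([{"id": "constructed-project", "title": "Demo"}])


def probe_refresh_token(server, refresh_token):
    """Classify the token endpoint's answer for a refresh token: ok/invalid/expired."""
    try:
        SquirroTokenClient("https://squirro-server", refresh_token, server).authenticate()
    except InvalidRefreshToken:
        return "invalid"
    except RefreshTokenExpired:
        return "expired"
    return "ok"


def demo():
    """First GET authenticates; after the server drops the access token the second
    GET gets 401, re-authenticates and retries. Returns both statuses and grants."""
    server = FakeSquirro()
    client = SquirroTokenClient("https://squirro-server", "constructed-refresh-token", server)
    first, _ = client.get("/api/topic/v0/squirro_demo/projects")
    server.access_tokens.clear()  # simulate the access token expiring server-side
    second, _ = client.get("/api/topic/v0/squirro_demo/projects")
    return first, second, server.grants
```

Calling demo() returns (200, 200, 2): both requests succeed and the server issued exactly two access tokens, one at the start and one after the 401. Distinguishing 404 from 410 matters operationally: 404 means the stored token is wrong, 410 means a previously valid token was expired or invalidated and the user has to generate a new one in the settings UI; in neither case should the client keep retrying the grant.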

Squirro Client

The Python SDK handles all of the authentication logic automatically. Authenticate once with the refresh token using the authenticate method:

    from squirro_client import SquirroClient

    client = SquirroClient(None, None, cluster='https://squirro-server')
    client.authenticate(refresh_token='<refresh_token>')

The client retrieves an access token and uses it for all subsequent requests. When the access token expires, the client re-authenticates using the refresh token and retries the failed request.

Registration