Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 11 Current »

Introduction to dRofus API Authentication

To interact with the dRofus API, you need to authenticate using OAuth2 Bearer tokens. The dRofus API supports two OAuth2 authentication methods:

1. Authorization Code Flow

This method is designed for web applications where a user needs to actively grant permission. It's typically used when user interaction is required to approve access (eg selecting db and project)

2. Client Credentials Flow

This flow is more suited for server-to-server communication, where no user interaction is needed. It allows your backend systems to communicate with the dRofus API autonomously.

In the guides below, we will use the Client Credentials Flow as it's best for automated, script-based, or backend API interactions. Balazs will provide you with your client_id and client_secret.

Authorization for Writing Data

For write operations (updating or creating data), make sure that a user named "test" is included in the dRofus project. All modifications will be made under this user account, which should have the necessary permissions.

Using HTTP Basic Authentication (for Testing Purposes)

In addition to OAuth2, HTTP Basic Authentication can also be used for testing purposes. However, it is not recommended for production due to security risks. Here's how to set it up:

Steps to Set Up Basic Authentication:

  1. Create an “API dRofus user":

    • Do not use your personal account for this.

    • Ensure the API user's email is not set to your own.

    • Generate a strong password for this user.

      image-20241015-121802.png

  2. Add the user to the project:

    • Ensure that this user has sufficient access to perform the required API operations.

  3. Set up authentication:

    • In Postman, select Basic Auth as the authentication type.

      image-20241015-122221.png

    • For scripts, you need to encode the username and password into base64. Here's an example of how to do this in Python:

    import base64
import os
from dotenv import load_dotenv

credentials = f"{os.getenv("DR_USERNAME")}:{os.getenv("DR_PASSWORD")}"
encoded_credentials = base64.b64encode(credentials.encode()).decode()

# Encoded string can then be used for Basic Authentication in your API requests:
headers = {"Authorization": encoded_credentials}

Important Security Considerations:

  • Do not store encoded credentials in plain text. Always use environment variables to handle credentials safely, as shown in the earlier examples.

  • Do not confuse the term encoded with encrypted. Base64 encoding can be reversed into username and password in seconds, the credentials must therefore be treated like a password.

By following these steps, you can set up Basic Authentication for testing while ensuring you handle credentials with care.

Examples

Simple dRofus Read/Write API in Python

Simple dRofus Read/Write API in Postman

  • No labels

https://support.drofus.com