Options and API

API Authentication

To use our data APIs you need to authenticate through a secret token in the Authorization HTTP header.

In order to get this token, you will need to make a double authentication. The first call will provide you with a "refreshToken" that will allow you to get an "accessToken" with the second call.

For stronger security, the "refreshToken" expires automatically after a specific number of days. Meaning that you need to dynamically generate a new token every time you need to use our Data APIs. The "accessToken" expires automatically after 5 minutes.

To generate a new token you need to run this command:

curl https://apiv2.streamroot.io/auth/auth/login --data '{"login": "XXX@YYY.com", "password": "XXXXXX"}' -H "Content-type: application/json"

 

If you receive this message:

{"message":"bad username or password"}
It means that either your username or your password is wrong. Please make sure you are using correct username and password

Below is an example of the "refreshToken" you get when the entered credentials are correct:

{
 "refreshToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NDMzMzMwNjQsImxvZ2luIjoic3RyZWFtcm9vdHN0cmVhbWluZ0BnbWFpbC5jb20iLCJpZCI6ImI4YjFhNmUyLTVlODYtNDdlYy1iYzM0LTUzNTQzMWQ5MDk2NCIsInJvbGUiOiJ1c2VyIn0._jGg1rJKprKUlPi7CrjRZ-GOSYnPriea6Mg-bc64wF4"
}

You then need to run this command adding the previous token in the Authorization HTTP header:

curl https://apiv2.streamroot.io/auth/auth/token -H "Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE1NDMzMzMwNjQsImxvZ2luIjoic3RyZWFtcm9vdHN0cmVhbWluZ0BnbWFpbC5jb20iLCJpZCI6ImI4YjFhNmUyLTVlODYtNDdlYy1iYzM0LTUzNTQzMWQ5MDk2NCIsInJvbGUiOiJ1c2VyIn0._jGg1rJKprKUlPi7CrjRZ-GOSYnPriea6Mg-bc64wF4" -H "Content-type: application/json" -X POST

If you receive this message:

{"message":"unauthorized"}

It means that the "refreshToken" you provided is either wrong or has expired.

 

If the token is correct, you will get this "accessToken":

{
 "accessToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyKhdWQiOiJyZWZyZXNoIiwiZXhwIjoxNTY4MTI3MjY0LCJqdGkiOiJmZjgwMmJmOC1lODM4LTRmNTEtYTliOS1jyDRjOGZmYjUwN2EiLCJzdWIiOiJlbWlsZS5wb21taWVyQJN0cmVhbXJvb3QuaW8ifQ.Ty-oNn6SlCAmvgvXf4nj4m4ym17cRr0DzhDsw2cmz41",
 "tokenExpiresIn":300
}

 

Then, you should use your token in the Authorization HTTP header:

Authorization: Bearer {YOUR_ACCESS_TOKEN}

Related articles