To access Golioth APIs over a REST interface, users need to be properly authenticated. By default, our web application and CLIs use user authentication. For machine-to-machine communication, however, it's better to have a more controlled way to authenticate and authorize the usage of our APIs, which is why we added a feature to create API Keys on our platform.
You can manage API Keys using the Web Console or through the CLI. Here we are going to show how to create an API Key and use it with our REST API.
By default, any API Key created is bound and limited to the given project, so you don't need to worry about your API Key having access to other projects. We are also working on more ways to restrict or give more permissions to API Keys, but for now keys have permissions for the most common actions on the platform, like accessing Light DB, Light DB Stream, listing devices and more.
To create a simple API Key, you can run the following command:
To create a JWT-based API Key, you can run the following command:
To list API Keys on the current project, you can use the apikeys list subcommand:
A basic API Key doesn't require any extra processing to be used; you can use it directly in an X-API-Key header. Now let's list devices on a project using
To access our platform API using a JWT-based API Key, we need to create a JWT signed with a secret using HS256. The JWT should be crafted as follows (according to RFC 7519):
First, its header must be:
The second step is to add to the JWT claims the iss (issuer) field with the
Using the JWT debugger at https://jwt.io with the header (HS256), claims (iss), and secret associated with your API Key, you’ll end up with a valid JWT that can be used like below:
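An added example, not part of the original page or Golioth's own code: the HS256 token described above, built and checked locally with Python's standard library so the secret does not have to be entered on a web page. The header value, the issuer placeholder and the secret are assumptions or constructed values; substitute the header and iss values given for your own API Key.

```python
import base64
import hashlib
import hmac
import json

# Constructed sample values, not real credentials. The issuer is only a
# placeholder for whatever value the iss claim must carry for your API Key.
SAMPLE_ISSUER = "ISSUER-VALUE-PLACEHOLDER"
SAMPLE_SECRET = "constructed-demo-secret"


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as compact JWTs require."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _mac(signing_input: str, secret: str) -> bytes:
    return hmac.new(secret.encode(), signing_input.encode("ascii"), hashlib.sha256).digest()


def make_hs256_jwt(issuer: str, secret: str) -> str:
    """Build a compact HS256 JWT whose only claim is iss."""
    header = {"alg": "HS256", "typ": "JWT"}  # assumed standard HS256 header
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, {"iss": issuer})]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(_mac(signing_input, secret))


def verify_hs256_jwt(token: str, secret: str) -> dict:
    """Return the claims if the token is HS256 and the MAC matches, else raise ValueError."""
    head, claims, sig = token.split(".")  # ValueError unless exactly three parts
    header = json.loads(b64url_decode(head))
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")  # never accept "none" or another algorithm
    if not hmac.compare_digest(b64url_decode(sig), _mac(head + "." + claims, secret)):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(claims))


if __name__ == "__main__":
    token = make_hs256_jwt(SAMPLE_ISSUER, SAMPLE_SECRET)
    print(token)
    print(verify_hs256_jwt(token, SAMPLE_SECRET))
```
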