BigID API/Token Authentication: Difference between revisions

From BigID Developer Portal
No edit summary
 
(31 intermediate revisions by 2 users not shown)
Line 4: Line 4:


{{Note|If you don't have access to a BigID environment to get a token, you can get one from the sandbox by running the automation after the steps.}}
{{Note|If you don't have access to a BigID environment to get a token, you can get one from the sandbox by running the automation after the steps.}}
=== Generate a Token ===


To do this we need to navigate to the Access Management screen under Administration -> Access Management. On the Access Management screen, select the user you want to create a token for from the System Users List. Then press the {{Key|Generate}} button to start the token creation process.
To do this we need to navigate to the Access Management screen under Administration -> Access Management. On the Access Management screen, select the user you want to create a token for from the System Users List. Then press the {{Key|Generate}} button to start the token creation process.


<html><img style="width:100%" src="/cdn/tokenauth/1.jpeg"/></html>
<html><img style="width:100%" src="https://wiki-images.bigid.tools/cdn/tokenauth/1.jpeg"/></html>


Tokens can only be valid for up to 999 days. Since we're just using this token for testing, let's set it to 30 days and then click {{Key|Generate}} like in the screenshot below.
Tokens can only be valid for up to 999 days. Since we're just using this token for testing, let's set it to 30 days and then click {{Key|Generate}} like in the screenshot below.


<html><img style="width:100%" src="https://wiki-images.bigid.tools/cdn/tokenauth/2.jpeg"/></html>
On the next screen you'll see a name for the token as well as the token value. Copy the token value by clicking the icon to the right of it then close the dialog. You can't see the token value again so be sure you have saved it someplace safe.
<html><img style="width:100%" src="https://wiki-images.bigid.tools/cdn/tokenauth/3.jpeg"/></html>
Finally, save the user so the token can take effect.
<html><img style="width:100%" src="https://wiki-images.bigid.tools/cdn/tokenauth/4.jpeg"/></html>
<center>
{{Box/start}}
<html>
<p>Use the tool below to generate a token for the sandbox.</p>
<input style="padding:10px" onClick="this.select();" id="tokenValue" readonly placeholder="Your token here..."/> <button id="gettoken" onclick="generateSandboxToken()" style="padding:10px">Get a Token</button>
<script>
async function generateSandboxToken() {
  let bigtokenReq = await window.fetch('https://sandbox.bigid.tools/api/v1/sessions', {
    method: 'POST',
    headers: {'content-type':'application/json'},
    body: JSON.stringify({'username':'learner','password':'learner'})
  });
  let bigtoken = (await bigtokenReq.json()).auth_token;
  let button = document.getElementById('gettoken');
  button.disabled = true;
  let userReq = await window.fetch('https://sandbox.bigid.tools/api/v1/system_users/bigid', {
    headers: { Authorization: bigtoken }
  });
  let userJSON = await userReq.json();
  let user = userJSON.system_user;
  console.log(user);
  let tokReq = await window.fetch('https://sandbox.bigid.tools/api/v1/system_users/bigid/generate-refresh-token/1', {
    method: 'POST',
    headers: { Authorization: bigtoken }
  });
  let token = await tokReq.json();
  if(user.refreshTokens !== undefined) {
    user.refreshTokens.push(token);
  } else {
    user.refreshTokens = [token];
  }
  await window.fetch('https://sandbox.bigid.tools/api/v1/system_users/bigid', {
    method: 'PUT',
    headers: { Authorization: bigtoken, 'content-type':'application/json' },
    body: JSON.stringify(user)
  });
  document.getElementById('tokenValue').value = token.value;
  button.disabled = false;
}
</script>
</html>
{{Box/end}}
</center>
=== Exchange a token for an session token ===
Now that we have a user token, we need to exchange it for a system token that we can use to access API endpoints. This uses the /api/v1/refresh-access-token endpoint like below. Replace the TOKEN HERE in the request headers with your previously obtained user token and click {{Key|Send}} to get a session token.
<html>
<iframe style="border:0px; width:100%; height:400px; border-radius:10px;" src='https://apiexplorer.bigid.tools/?url=refresh-access-token&method=GET&headers=%5B%7B%22name%22%3A%22Authorization%22%2C%22value%22%3A%22TOKEN%20HERE%22%7D%5D&selectedSetting=headers'></iframe>
</html>
In response to this request you'll get the following:
<syntaxhighlight lang="JSON" line highlight="3">
{
    "success": true,
    "systemToken": "eyJhbGciOi<don't copy me! I'm just an example!>..."
}
</syntaxhighlight>
This session token can then get used on any BigID API.
=== Calling an API ===
Now that you have a session token we can directly call BigID APIs. Documentation for these APIs is available at https://www.docs.bigid.com/bigid/reference/api-getting-started . Since we're just trying to perform a simple task, we don't need the docs here, just to know that GET /ds-connections is the endpoint to retrieve a list of data source connections.
Add a new header named "Authorization" and paste the session token you got in the previous request to authenticate yourself.
<html>
<iframe style="border:0px; width:100%; height:400px; border-radius:10px;" src="https://apiexplorer.bigid.tools/?url=ds-connections&method=GET&selectedSetting=headers"></iframe>
</html>
In that API call, we can see a list of data sources and all the information for each data source.


<html><img style="width:100%" src="/cdn/tokenauth/2.jpeg"/></html>
<syntaxhighlight lang="JSON" lines>
{
    "status": "success",
    "statusCode": 200,
    "data": {
        "ds_connections": [
            "<data source info here>"
        ]
    }
}
</syntaxhighlight>

Latest revision as of 18:00, 28 August 2024

In this tutorial we're going to authenticate with BigID using a user token to retrieve a list of data sources.

First we'll need to create a user token for us to use through the BigID UI.

If you don't have access to a BigID environment to get a token, you can get one from the sandbox by running the automation after the steps.

Generate a Token

To do this we need to navigate to the Access Management screen under Administration -> Access Management. On the Access Management screen, select the user you want to create a token for from the System Users List. Then press the Generate button to start the token creation process.

Tokens can only be valid for up to 999 days. Since we're just using this token for testing, let's set it to 30 days and then click Generate like in the screenshot below.

On the next screen you'll see a name for the token as well as the token value. Copy the token value by clicking the icon to the right of it then close the dialog. You can't see the token value again so be sure you have saved it someplace safe.

Finally, save the user so the token can take effect.

Use the tool below to generate a token for the sandbox.

Exchange a token for an session token

Now that we have a user token, we need to exchange it for a system token that we can use to access API endpoints. This uses the /api/v1/refresh-access-token endpoint like below. Replace the TOKEN HERE in the request headers with your previously obtained user token and click Send to get a session token.

In response to this request you'll get the following:

{
    "success": true,
    "systemToken": "eyJhbGciOi<don't copy me! I'm just an example!>..."
}

This session token can then get used on any BigID API.

Calling an API

Now that you have a session token we can directly call BigID APIs. Documentation for these APIs is available at https://www.docs.bigid.com/bigid/reference/api-getting-started . Since we're just trying to perform a simple task, we don't need the docs here, just to know that GET /ds-connections is the endpoint to retrieve a list of data source connections.

Add a new header named "Authorization" and paste the session token you got in the previous request to authenticate yourself.

In that API call, we can see a list of data sources and all the information for each data source.

{
    "status": "success",
    "statusCode": 200,
    "data": {
        "ds_connections": [
            "<data source info here>"
         ]
    }
}