Details on how authentication is managed, transmitted and enforced throughout the API.
A User represents a person or entity for the purposes of authentication and authorisation.
Within this API only authentication is used to restrict access to privileged information or abilities provided by the API.
See the User resource document for details of what a User resource consists of.
The list of valid Users is controlled by the API Maintainer, they should be contacted to:
See the project administration document for details on the API Maintainer.
Note: Password resets will be delegated to users (for their own password) in future versions of the API.
Tokens are used as a safe way to transmit your identity (user account) without exposing your user credentials.
As documented further in the Token resource document, this API uses the JSON Web Token standard for tokens.
This document also describes what a Token consists of and its associated methods (i.e. for issuing and invalidating tokens).
Tokens contain a number of claims [1], one of which determines when the token will naturally expire. This occurs 1 hour from issuance.
Note: Expired tokens cannot be extended, you must request a new token.
Should you need to invalidate a token before its natural expiry, you can “blacklist” it to invalidate it immediately.
This is achieved using the [DELETE]/tokens method of the Token resource.
Note: Blacklisted tokens cannot be “un-blacklisted”, you must request a new token.
[1] This is a technical term defined with the JWT spec
This trait requires that a request contains a valid authentication token, specified within the Authorisation header of a request.
| Name | Field Name | Data Type | Required | Valid Value(s) | Description |
|---|---|---|---|---|---|
| Authorisation | Authorization |
String | Yes | A valid authentication token | Must use the Bearer auth-scheme |
URL: N/A
Note: Interactive examples for this method may be covered in the examples document.
| Key | Value |
|---|---|
| Authorization | Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJodHRwOlwvXC9ic2x3ZWItZGVuaXplbnMtZGV2LXdlYjFcL2FwaVwvdjFcL3Rva2VucyIsInN1YiI6MSwiaWF0IjoxNDIxMTQ3MTUzLCJleHAiOjE0MjExNTA3NTN9.LIlwJ9IXwMxjh8dxkIw9XbvwWz1juFq8f7pE0dC7Gbc |
None.
None.
None.
unknown_authentication_token_fault)None.
{
"errors": [
{
"details": {
"token_error": [
"There is something wrong with the token authentication."
]
},
"resolution": "Try again or get a new token. If needed contact the API maintainer for assistance.",
"resolutionURLs": [
"mailto:basweb@bas.ac.uk"
],
"type": "unknown_authentication_token_fault"
}
]
}
Note: The format of this error will change in future API versions (to standardise against the json:api spec.
missing_authentication_token)None.
{
"errors": [
{
"details": {
"token_error": [
"No authentication token was given and no authentication session exists."
]
},
"resolution": "Include a token in the 'authorization' header, using the bearer scheme (i.e. 'Authoization: Bearer [token]'.",
"resolutionURLs": [
"mailto:basweb@bas.ac.uk"
],
"type": "missing_authentication_token"
}
]
}
Note: The format of this error will change in future API versions (to standardise against the json:api spec.
invalid_authentication_token)None.
{
"errors": [
{
"details": {
"token_error": [
"The authentication token given is not valid or is malformed."
]
},
"resolution": "Check the token you have provided is complete, or get a new token.",
"resolutionURLs": [
"mailto:basweb@bas.ac.uk"
],
"type": "invalid_authentication_token"
}
]
}
Note: The format of this error will change in future API versions (to standardise against the json:api spec.
authentication_token_unknown_subject)None.
{
"errors": [
{
"details": {
"token_error": [
"The subject for the authentication token is unknown."
]
},
"resolution": "Ensure your user account is still active or contact the maintainer of this API for assistance.",
"resolutionURLs": [
"mailto:basweb@bas.ac.uk"
],
"type": "authentication_token_unknown_subject"
}
]
}
Note: The format of this error will change in future API versions (to standardise against the json:api spec.
expired_authentication_token)None.
{
"errors": [
{
"details": {
"token_error": [
"The authentication token given has expired and is no longer valid."
]
},
"resolution": "Get a new token by re-authenticating.",
"resolutionURLs": [
"mailto:basweb@bas.ac.uk"
],
"type": "expired_authentication_token"
}
]
}
Note: The format of this error will change in future API versions (to standardise against the json:api spec.
blacklisted_authentication_token)None.
{
"errors": [
{
"details": {
"token_error": [
"Authentication token has been blacklisted and can no longer be used."
]
},
"resolution": "Get a new token by re-authenticating.",
"resolutionURLs": [
"mailto:basweb@bas.ac.uk"
],
"type": "blacklisted_authentication_token"
}
]
}
Note: The format of this error will change in future API versions (to standardise against the json:api spec.
authentication_failure)None.
{
"errors": [
{
"details": {
"authentication_error": [
"Ensure your credentials are correct and that your user account is still active, or contact the maintainer of this API for assistance."
]
},
"type": "authentication_failure"
}
]
}
Note: The format of this error will change in future API versions (to standardise against the json:api spec.
This information may be out of date whilst this website is being redeveloped. Until then, if you have any problems using an API documented here, please contact the relevant project maintainer.