Authentication and Authorization
Basics
Authentication to the Seed Identity Store API is provided by the Token Authentication feature of the Django REST Framework.
In short, each user of this API needs to have been supplied with a unique secret token that must be provided in the Authorization HTTP header of every request made to this API.
An example request with the Authorization header might look like this:
POST /endpoint/ HTTP/1.1
Host: <identity-store-domain>
Content-Type: application/json
Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b
Users and Groups
User and Group objects are provided by the Django Auth framework and can be added and created through the normal maintenance methods (Django Admin, Django Shell, ...).
There is also a rudimentary API endpoint, POST /user/token/, that will create a user and token for a given email address (or just a token if a user with that email address already exists).
Authorization and permissions
None of the current API endpoints require any specific permissions beyond a valid authenticated user.
The only exception to this is POST /user/token/, which requires an admin level user.
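
As an added example (not code from the Seed Identity Store project or from Django REST Framework), this standard-library Python model parses the Authorization header in the "Token <key>" form shown above and applies the permission rule from this section. The user names, the second token and the 401/403 status codes are assumptions of the example.

```python
import hmac

# Constructed sample token store: token key -> (username, is_admin).
# The first key is the example token shown on this page; the second is made up.
TOKENS = {
    "9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b": ("alice", False),
    "0123456789abcdef0123456789abcdef01234567": ("root", True),
}
# The only endpoint the page says needs an admin level user.
ADMIN_ONLY = {("POST", "/user/token/")}


def authenticate(headers):
    """Return (username, is_admin) for a valid 'Token <key>' header, else None."""
    parts = headers.get("Authorization", "").split()
    # Exactly two parts are expected: the scheme keyword and the key.
    if len(parts) != 2 or parts[0].lower() != "token":
        return None
    for key, user in TOKENS.items():
        # Constant-time comparison avoids leaking key prefixes through timing.
        if hmac.compare_digest(key.encode(), parts[1].encode()):
            return user
    return None


def authorize(method, path, headers):
    """Return the status a request would get before any view logic runs."""
    user = authenticate(headers)
    if user is None:
        return 401  # assumed status: missing or invalid token
    if (method, path) in ADMIN_ONLY and not user[1]:
        return 403  # assumed status: authenticated but not an admin
    return 200
```

A request with no header, a different scheme keyword, or an unknown key is rejected before the admin check is ever reached.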