Authorization
- 1 Minute to read
- DarkLight
Authorization
- 1 Minute to read
- DarkLight
Article summary
Did you find this summary helpful?
Thank you for your feedback
Prerequisites
- You have Dataddo username and password. You cannot use accounts handled by SSO. Best practice is to create a "system" user by navigating to your Dataddo account and then clicking on Team members and invite additional user to your account. It is important that such user will authenticate using username and password and not via Google or Microsoft SSO.
Obtaining the tokens
Use the following endpoint to obtain access and refresh tokens
Request
POST /auth
{
"email": "string",
"password": "string"
}
| Parameter | Description |
|---|---|
| email address associated with your account and used for login. | |
| password | password to your account. |
Response
{
"access_token":"ACCESS_TOKEN",
"refresh_token":"REFRESH_TOKEN",
"expires_in":3600
}
| Parameter | Description |
|---|---|
| access_token | Bearer token used for authorization. |
| refresh_token | Refresh token. You can use it for obtaining new access_token instead of providing email and password |
| expires_in | Time in seconds of access_token validity. |
Refreshing Access Token
The access token has a limited lifespan, which is specified in the expires_in parameter. To refresh the access token, use the following method. Please note that you need to provide the current access token (even if expired) in the authorization header.
Request
POST /refresh
Authorization: Bearer ACCESS_TOKEN // Provide existing access_token, even if expired
{
"refresh_token": "REFRESH_TOKEN"
}
Response
{
"access_token":"ACCESS_TOKEN",
"refresh_token":"REFRESH_TOKEN",
"expires_in":3600
}
Revoke Access
To revoke access, simply use the method below. Make sure to include the access_token in the authorization header.
Request
POST /revoke
Authorization: Bearer ACCESS_TOKEN
Was this article helpful?