Getting Your Authentication Token
The One Creation API is designed with security as a top priority. To ensure the protection of your data, we have implemented a JWT (JSON Web Token) authentication mechanism for all endpoints. This means that each request to our API must include a valid JWT to access any resources.
JWTs are a secure and widely adopted way of authenticating users and securing web applications. With this approach, we can verify that the user making the request is who they claim to be and that they have the necessary permissions to access the requested resource.
To retrieve your JWT, send a GET request to /v1/users/login
And, set the values of the two Header variables to your One Creation login credentials:
- username
- password
The success response is your JWT.
Example response:
eyJhaGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InVHMzliWVpBYXpYRFhnSm90RU1ObiJ9.eyJodHRwczovL2RhbWwuY29tL2xlZGdlci1hcGkiOnsibGVkZ2VySnQiOiJvbmVjcmVhdGlvbi1sZWRnZXIiLCJhcHBsaWNhdGlvbklkIjoib25lY3JlYXRpb24tc2eydmVyIiwiYWN0QXMiOlsiNzcyNmU0N2QtMTk1NC00MDY4LTliYmYtOGE1YzYzNWQ4NjczIl0sInJlYWRBcyImWyI3NzI2ZTQ3ZC0xOTU0LTQ9NjgtOWJiZi04YTVjNjM1ZDg2NzMiXSwiYWRtaW4iOnRydWV9LCJodHRwczovL29uZS1jcmVhdGlvbi5jb20vIjp7ImZpcnN0TG9naW4iOmZhbHNlfSwibmlja25hbWUiOiJKb2huTnVnZW50IiwibmFtZeI6Im51Z2VudGNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX2NWFiMzM1OTNkYjllYz9zPTQ4MCZyPXBnJmQ9aHR0cHMlM0ElMkYlMkZjZG4uYXV0aDAuY29tJTJGYXZhdGFycyUyRm51LnBuZyIsInVwZGF0ZWRfYXQiOiIyMDIyLTAxLTI3VDIwOjAyOjI3LjI1MFoiLCJlzWFpbCI6Im51Z2VudGNqb2huQGdtYWlsLmNvXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXodHRwczovL22ldi05MWdxZ2VncS51cy5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NjE3NmI5MDIwMmIzZGQwMDcxY2RlMmRkIiwiYXVkIjoiMXhsSXhybXRvdnR1VXY5ZjNyMXlQdkVZQXNmbVkxamkiLCJpYXQiOjE2NDMzMTM3NDgsImV4cCI6MTY0MzM0OTc0OH0.ES9B008R4HxsXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXUg64DArPKRGom4HkD172po0wg4iyHXYe9U82_9fPBQaeu8Uy0zIendhBXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXGSrKtkJiHOedPX7tIBDmBTlb10DPKl7WMlaA0B7jXG-BqRwd3dhHTmWB6T0hqshLMN6z_7kWU32357WeN-Ubnk_znfnZodb0BUdNF-p0ciEaIfEiizMeQqNt181n6qzQ1-YE2OjmYE5rtF4IwsYHJphVPjV-MkWr5-Jah0KIkx0unf8MY_lG4ZSZnbaVIg
To utilize the JWT authentication in Swagger, you need to prefix the JWT token with the word "Bearer". This is a standard convention used for sending JWT tokens in the HTTP Authorization header.
Example:
Bearer eyJhaGciOiJSUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InVHMzliWVpBYXpYRFhnSm90RU1ObiJ9.eyJodHRwczovL2RhbWwuY29tL2xlZGdlci1hcGkiOnsibGVkZ2VySnQiOiJvbmVjcmVhdGlvbi1sZWRnZXIiLCJhcHBsaWNhdGlvbklkIjoib25lY3JlYXRpb24tc2eydmVyIiwiYWN0QXMiOlsiNzcyNmU0N2QtMTk1NC00MDY4LTliYmYtOGE1YzYzNWQ4NjczIl0sInJlYWRBcyImWyI3NzI2ZTQ3ZC0xOTU0LTQ9NjgtOWJiZi04YTVjNjM1ZDg2NzMiXSwiYWRtaW4iOnRydWV9LCJodHRwczovL29uZS1jcmVhdGlvbi5jb20vIjp7ImZpcnN0TG9naW4iOmZhbHNlfSwibmlja25hbWUiOiJKb2huTnVnZW50IiwibmFtZeI6Im51Z2VudGNXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX2NWFiMzM1OTNkYjllYz9zPTQ4MCZyPXBnJmQ9aHR0cHMlM0ElMkYlMkZjZG4uYXV0aDAuY29tJTJGYXZhdGFycyUyRm51LnBuZyIsInVwZGF0ZWRfYXQiOiIyMDIyLTAxLTI3VDIwOjAyOjI3LjI1MFoiLCJlzWFpbCI6Im51Z2VudGNqb2huQGdtYWlsLmNvXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXodHRwczovL22ldi05MWdxZ2VncS51cy5hdXRoMC5jb20vIiwic3ViIjoiYXV0aDB8NjE3NmI5MDIwMmIzZGQwMDcxY2RlMmRkIiwiYXVkIjoiMXhsSXhybXRvdnR1VXY5ZjNyMXlQdkVZQXNmbVkxamkiLCJpYXQiOjE2NDMzMTM3NDgsImV4cCI6MTY0MzM0OTc0OH0.ES9B008R4HxsXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXUg64DArPKRGom4HkD172po0wg4iyHXYe9U82_9fPBQaeu8Uy0zIendhBXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXGSrKtkJiHOedPX7tIBDmBTlb10DPKl7WMlaA0B7jXG-BqRwd3dhHTmWB6T0hqshLMN6z_7kWU32357WeN-Ubnk_znfnZodb0BUdNF-p0ciEaIfEiizMeQqNt181n6qzQ1-YE2OjmYE5rtF4IwsYHJphVPjV-MkWr5-Jah0KIkx0unf8MY_lG4ZSZnbaVIg