Authentication
Getting an Access Token
To get an access token, call POST /api/authorize/auth/
with credentials (which you've got from us) containing the email and password needed in the request body. The host address should be the API address (the one you've also got from us).
The successful response will return a pair of tokens:access_token
and expire_token
.
access_token is a key that grants you access to system resources. To access a resource, you need to add your access_token to the header.
headers = {‘ X-Forensic-Access-Token’: <access_token>}
access_token is time-limited, the limits depend on the account type.
service accounts –
OZ_SESSION_LONGLIVE_TTL
(5 years by default),other accounts –
OZ_SESSION_TTL
(15 minutes by default).
expire_token is the token you can use to renew your access token if necessary.
Automatic session extension
If the value ofexpire_date
> current date, the value of current sessionexpire_date
is set to current date + time period that is defined as shown above (depending on the account type).
Token Renewal
To renewaccess_token
and expire_token
, call POST
/api/authorize/refresh/.
Add expire_token
to the request body and X-Forensic-Access-Token to the header.
In case of success, you'll receive a new pair of access_token
and expire_token
. The "old" pair will be deleted upon the first authentication with the renewed tokens.
Errors
Error code
Error message
What caused the error
400
Could not locate field for key_path
expire_token
from provided dict data
expire_token
haven't been found in the request body
401
Session not found
The session with expire_token
you have passed doesn't exist.
403
You have not access to refresh this session
A user who makes the request is not thisexpire_token
session owner.
Last updated