Skip to main content

Graniitti API authentication

All requests to the Graniitti API must be authenticated. The API uses token-based authentication over HTTPS. Requests that are not authenticated or that are sent over plain HTTP always fail.

Authenticating a request

To authenticate a request, add your personal access token to the request using the Authorization header, and prefix the token with "Bearer" followed by a space, as shown in the following example.

curl -X GET \
--header 'Authorization: Bearer <access\_token>' \
'https://<graniitti\_api\_domain>/v0/users'

If you do not already have a token, get it from the Frosmo Control Panel. You can also recreate or revoke an existing token. The token is valid for 356 days from the moment of creation.

warning

Do not make Graniitti API requests in client-side code that is accessible to parties you do not trust, as this will expose your token to them. Use the Graniitti API only in server-side code and in client-side code that is only accessible to parties you trust.

Getting your personal access token

To get your personal access token:

  1. In the Frosmo Control Panel, in the header, click your username, and select API Access.

  2. In the Graniitti API section, click Create token.

    Getting your personal access token
  3. Copy the token. It will not be shown on the page again.

    Getting your personal access token

You now have your personal access token for authenticating with the Graniitti API. The token will expire in 356 days.

Recreating your personal access token

If you forget your personal access token, or if you need a new one for some other reason, you can recreate the token.

warning

Recreating the token renders your current token invalid. If you have applications that use the current token, their Graniitti API requests will no longer work after you recreate the token.

To recreate your personal access token:

  1. In the Frosmo Control Panel, in the header, click your username, and select API Access.

  2. In the Graniitti API section, click Recreate token.

    Recreating your personal access token
  3. Copy the token. It will not be shown on the page again.

You have recreated your personal access token. Use the new token in place of the old one in all Graniitti API requests. The new token will expire in 356 days.

Revoking your personal access token

If you no longer need your personal access token, you can revoke it.

warning

Revoking the token renders it invalid. If you have applications that use the token, their Graniitti API requests will no longer work after you revoke the token.

To revoke your personal access token:

  1. In the Frosmo Control Panel, in the header, click your username, and select API Access.

  2. In the Graniitti API section, click Revoke token.

    Revoking your personal access token

You have revoked your personal access token and can no longer use it to authenticate Graniitti API requests.