Pages

All requests to the Graniitti API must be authenticated. The API uses token-based authentication over HTTPS. Requests that are not authenticated or that are sent over plain HTTP always fail.

Authenticating a request

To authenticate a request, add your personal access token to the request using the Authorization header, and prefix the token with "Bearer" followed by a space, as shown in the following example.

curl -X GET \
--header 'Authorization: Bearer <access_token>' \
'https://<graniitti_api_domain>/v0/users'

If you do not already have a token, get it from the Frosmo Control Panel. You can also recreate or revoke an existing token.

Do not make Graniitti API requests in client-side code that is accessible to parties you do not trust, as this will expose your token to them. Use the Graniitti API only in server-side code and in client-side code that is only accessible to parties you trust.

Getting your personal access token

To get your personal access token:

  1. In the Control Panel, select Utilities > Frosmo APIs.
  2. In the Graniitti API section, click Create token.

    Getting your personal access token

  3. Copy the token. It will not be shown on the page again.

    Getting your personal access token

You now have your personal access token for authenticating with the Graniitti API.

Recreating your personal access token

If you forget your personal access token, or if you need a new one for some other reason, you can recreate the token.

Recreating the token renders your previous token invalid. If you have applications that use the previous token, their Graniitti API requests will no longer work after you recreate the token.

To recreate your personal access token:

  1. In the Control Panel, select Utilities > Frosmo APIs.
  2. In the Graniitti API section, click Recreate token.

    Recreating your personal access token

  3. Copy the token. It will not be shown on the page again.

You have recreated your personal access token. Use the new token in place of the old one in all Graniitti API requests.

Revoking your personal access token

If you no longer need your personal access token, you can revoke it.

Revoking the token renders it invalid. If you have applications that use the token, their Graniitti API requests will no longer work after you revoke the token.

To revoke your personal access token:

  1. In the Control Panel, select Utilities > Frosmo APIs.
  2. In the Graniitti API section, click Revoke token.

    Revoking your personal access token

You have revoked your personal access token and can no longer use it to authenticate Graniitti API requests.

  • No labels