All requests to the Graniitti API must be authenticated. The API uses token-based authentication over HTTPS. Requests that are not authenticated or that are sent over plain HTTP always fail.
To authenticate a request, add your personal access token to the request using the
Authorization header, and prefix the token with "Bearer" followed by a space, as shown in the following example.
curl -X GET \ --header 'Authorization: Bearer <access_token>' \ 'https://<graniitti_api_domain>/v0/users'
If you do not already have a token, get it from the Frosmo Control Panel. You can also recreate or revoke an existing token. The token is valid for 356 days from the moment of creation.
Do not make Graniitti API requests in client-side code that is accessible to parties you do not trust, as this will expose your token to them. Use the Graniitti API only in server-side code and in client-side code that is only accessible to parties you trust.
To get your personal access token:
In the Graniitti API section, click Create token.
Copy the token. It will not be shown on the page again.
You now have your personal access token for authenticating with the Graniitti API. The token will expire in 356 days.
If you forget your personal access token, or if you need a new one for some other reason, you can recreate the token.
Recreating the token renders your current token invalid. If you have applications that use the current token, their Graniitti API requests will no longer work after you recreate the token.
To recreate your personal access token:
In the Graniitti API section, click Recreate token.
You have recreated your personal access token. Use the new token in place of the old one in all Graniitti API requests. The new token will expire in 356 days.
If you no longer need your personal access token, you can revoke it.
Revoking the token renders it invalid. If you have applications that use the token, their Graniitti API requests will no longer work after you revoke the token.
To revoke your personal access token:
In the Graniitti API section, click Revoke token.
You have revoked your personal access token and can no longer use it to authenticate Graniitti API requests.