Security Handshake

All endpoints that can mutate the database require an Authorization: Bearer <jwt_token> header. You obtain the JWT (returned in the access_token field of the response) by submitting a POST /auth request authenticated with your API key, such as the following:

POST /anno/v1/auth
Authorization: APIKEY <your_api_key>

Example using curl:

curl -X 'POST' \
  'http://myserver.org/anno/v1/auth' \
  -H 'Authorization: APIKEY <your_api_key>'

Security flow diagram

sequenceDiagram
    actor U as User
    participant A as Annosaurus
    U->>+A: POST /auth
    Note right of A: Authorization: APIKEY <your api key>
    A-->>-U: {..., "access_token": <jwt> }
    U->>+A: POST/DELETE/PUT
    Note right of A: Authorization: Bearer <jwt>
    A-->>-U: Success response 20x
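The same two-step handshake from the client's side, as an added example that is not part of the Annosaurus project. It assumes the auth response is a JSON object carrying the token in an access_token field (as the diagram shows), that the server answers 401 when a Bearer token is no longer accepted, and that the HTTP transport is injected as a plain function so the logic can be exercised offline against a fake server; the token-refresh threshold of 30 seconds and the single retry are design choices of this example.

```python
import base64
import json
import time
from typing import Optional


def make_demo_jwt(claims: dict) -> str:
    """UNSIGNED three-segment token for the offline fake server only; real tokens are issued and signed by Annosaurus."""
    seg = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{seg({'alg': 'none'})}.{seg(claims)}.sig"


def jwt_exp(token: str) -> Optional[int]:
    """Read 'exp' without verifying the signature: a refresh hint only; the server stays the authority."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected three dot-separated segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")


class AnnosaurusClient:
    # transport(method, url, headers, body) -> (status, text); injected so the class runs offline
    def __init__(self, base_url: str, api_key: str, transport):
        self._base, self._api_key, self._send = base_url.rstrip("/"), api_key, transport
        self._jwt: Optional[str] = None
        self._exp: Optional[int] = None

    def authenticate(self) -> str:
        """Step 1: POST /anno/v1/auth with the API key and cache the returned JWT."""
        status, body = self._send("POST", self._base + "/anno/v1/auth",
                                  {"Authorization": "APIKEY " + self._api_key}, None)
        if status != 200:  # do not echo the key into the error message
            raise PermissionError(f"auth request rejected with HTTP {status}")
        self._jwt = json.loads(body)["access_token"]
        self._exp = jwt_exp(self._jwt)
        return self._jwt

    def mutate(self, method: str, path: str, body: Optional[str] = None) -> tuple:
        """Step 2: send POST/PUT/DELETE with 'Bearer <jwt>'; re-authenticate
        when the token is about to expire or the server answers 401."""
        if self._jwt is None or (self._exp is not None and self._exp <= time.time() + 30):
            self.authenticate()
        for attempt in range(2):
            status, resp = self._send(method, self._base + path,
                                      {"Authorization": "Bearer " + self._jwt}, body)
            if status != 401 or attempt == 1:
                return status, resp
            self.authenticate()  # token rejected server-side: refresh once, then give up
```

The API key is only ever sent to the auth endpoint; every mutating request carries the short-lived JWT instead, so a leaked request log exposes a token with an expiry rather than the long-lived credential.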