Authentication and authorization
The process of authenticating user data and issuing certain rights to the user in FastReport Cloud is carried out using one of two available methods:
Via JWT token.
In this case, authentication must be completed by a person, and the token will only be valid for 5 minutes, during which the user must log in to their application. When connecting to the server, the browser will redirect you to the authentication server, after which it will generate an access token. For security reasons, we limit the possibility of getting a JWT token only by a person.
If the user has not logged into the application within 5 minutes, authentication must be repeated. If the user has logged into the application, re-authentication is not required.
Via API key.
In this case, access permissions are obtained for server applications. To get the API key, the presence of a user is required. However, the key itself can remain valid for a long time, for example, a year.
Getting the first API key
Use the user panel to get the first API key. If for some reason there is no access to the user panel, you can request a key as described below.
Open the link in a browser: https://id.fast-report.com/Manage/ExternalLogins
Clicking on this link will direct you to the browser's automatic authentication process.
Once the authentication is passed, you need to request a new key.
Press
F12
orCtrl+Shift+I
to open the developer panel. The keyboard shortcut may differ from the standard ones. In this case, open the developer panel through the browser menu.-
- Copy and execute the code in the JavaScript console.
This code will make a
POST
request to the URLhttps://id.fast-report.com/api/manage/v1/ApiKeys
to generate a new access key before 2030.await fetch('https:// id.fast-report.com/api/manage/v1/ApiKeys', { method: 'POST', headers: { 'Content-Type': 'application/json;charset=utf-8' }, body: JSON. stringify({ "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" }) });
Refresh the browser page and get the result.
{ "apiKeys": [ { "value": "cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey", "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" } ], "count": 1 }
Now you can use the API key, in the case above it is cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey
.
You don’t need to get a new API key through the browser again.
How to use the API key
The key should be passed with every request in the Authorization: Basic
header. The username should be apikey, and the password should be the key value. For example.
Authorization: Basic Base64Encode(apikey:cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey);
Where Base64Encode
is the base64 string encoding function.
For FastReport.Cloud.SDK
, there is a special class that allows you to add the key to the request header FastReportCloudApiKeyHeader.
To add the required header, create a new HttpClient
.
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new FastReportCloudApiKeyHeader(apiKey);
Now this HttpClient
can be used for all requests.
Getting a new API key
To get a new key, call the method CreateApiKeyAsync(CreateApiKeyVM, System.Threading.CancellationToken)
CreateApiKeyVM model = new CreateApiKeyVM()
{
Description = "Created by FastReport.Cloud.SDK",
Expired = DateTime.UtcNow.AddYears(1)
};
IApiKeysClient apiKeysClient = new ApiKeysClient(httpClient);
await apiKeysClient.CreateApiKeyAsync(model);
Whenever possible, use asynchronous method analogs instead of synchronous ones.
The result of executing this function will be the ApiKeyVM model.