Authentication and authorization
The process of authenticating user data and issuing certain rights to the user in FastReport Cloud is carried out using one of two available methods:
Via JWT token.
In this case, authentication must be completed by a person, and the token will only be valid for 5 minutes, during which the user must log in to their application. When connecting to the server, the browser will redirect you to the authentication server, after which it will generate an access token. For security reasons, we limit the possibility of getting a JWT token only by a person.
If the user has not logged into the application within 5 minutes, authentication must be repeated. If the user has logged into the application, re-authentication is not required.
Via API key.
In this case, access permissions are obtained for server applications. To get the API key, the presence of a user is required. However, the key itself can remain valid for a long time, for example, a year.
Getting the first API key
To get the first API key, use the user panel. If for some reason there is no access to the user panel, you can request a key as described below.
Open the link in a browser: https://fastreport.cloud/account/signin?r=https://fastreport.cloud/api/manage/v1/ApiKeys.
Clicking on this link will direct you to the browser's automatic authentication process.
Once the authentication is passed, you need to request a new key.
Press
F12orCtrl+Shift+Ito open the developer panel. The keyboard shortcut may differ from the standard ones, in this case, open the developer panel through the browser menu.Copy and execute the code in the JavaScript console.
This code will make a
POSTrequest to the URLhttps://fastreport.cloud/api/manage/v1/ApiKeysto generate a new access key before 2030.await fetch('https://fastreport.cloud/api/manage/v1/ApiKeys', { method: 'POST', headers: { 'Content-Type': 'application/json;charset=utf-8' }, body: JSON. stringify({ "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" }) });Refresh the browser page and take the result.
{ "apiKeys": [ { "value": "cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey", "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" } ], "count": 1 }
Now you can use the API key, in the case above it is cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey.
ПYou don’t need to get a new API key through the browser again.
How to use the API key
The key should be passed with every request in the Authorization: Basic header. The username should be apikey, and the password should be the key value. For example.
Authorization: Basic Base64Encode(apikey:cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey);
Where Base64Encode is the function for converting a string to base64 when using UTF8 encoding.
Getting a new API key
To get a new key, make a POST request to the entry point https://fastreport.cloud/api/manage/v1/ApiKeys and pass JSON in the request body as shown below.
{
"description": "string",
"expired": "string($date-time)"
}
Request example.
curl -X POST "https://fastreport.cloud/api/manage/v1/ApiKeys" -H "accept: text/plain" -H "authorization: Basic YXBpa2V5OmNjMzU1b2V1MXo1ZDV3bmNheW8zM21lNmMxZzVqdW5xZHFrNHBrdXBpZDd0OHluanNoZXk=" -H "Content-Type: application/json-patch+json" -d "{ \"description\": \"Generated by js develop panel\", \"expired\": \"2030-01-01T07:41:23.399Z\"}"
Response scheme.
{
"value": "string",
"description": "string",
"expired": "2020-12-02T08:47:43.270Z"
}