
API Authentication

On this page you will learn how to authenticate with the Kelvin API.

Authentication

The Kelvin API authentication mechanism is based on the OAuth2 specification, and any program that supports OAuth2 can log in and obtain a JWT token.

There are two types of JWT tokens issued.

  1. User : a pre-registered user on the Kelvin Core. It uses a ClientID, username and password to obtain a valid JWT token. This method should be used by a common user.
  2. Service Account : a pre-registered ClientID on the Kelvin Platform. It uses a Client Secret to obtain a valid JWT token. This method should be used for 3rd party service integrations (backend-to-backend communication).

In the methods below we use cURL for the examples. When using Swagger UI or Postman the principle is the same, but you will have to follow that software's specific instructions to obtain and use the tokens in OAuth2 format.

Method 1: User Authentication

A JWT token can be obtained using the following endpoint:

/auth/realms/kelvin/protocol/openid-connect/token

With application/x-www-form-urlencoded request parameters:

  • username: User's email
  • password: User's password
  • client_id: ID of the client that you are trying to connect. Example: kelvin-client
  • grant_type: must be set to password

The response returns an access_token, refresh_token and expiration times. The access_token should be used as the Bearer credential in the HTTP Authorization header: Authorization: Bearer <access_token>.

Using cURL from a command line, you would do this:

curl --request POST 'https://<your-custom-url>/auth/realms/kelvin/protocol/openid-connect/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'username=<your-username>' \
     --data-urlencode 'password=<your-password>' \
     --data-urlencode 'client_id=kelvin-client' \
     --data-urlencode 'grant_type=password'

{
   "access_token":"<your JWT token>",
   "expires_in":3600,
   "refresh_expires_in":7200,
   "refresh_token":"<your refresh token>",
   "token_type":"Bearer",
   "not-before-policy":0,
   "session_state":"30adc930-25cd-452c-86b5-8eaef2d6b2d3",
   "scope":"profile kelvin-scope email"
}

In the JSON response, the access_token value is what you copy and send as the Bearer token with all your API POST/GET requests.

Method 2: Service Account

This authentication method is suited for backend service authentication and it uses a Client ID and Client Secret to obtain a token.

The Client Secret is confidential and should not be public or shared.

A JWT token can be obtained using the following endpoint:

/auth/realms/kelvin/protocol/openid-connect/token

With application/x-www-form-urlencoded request parameters:

  • client_id: ID of the client that you are trying to connect
  • client_secret: Secret of the client that you are trying to connect
  • grant_type: must be set to client_credentials

Using cURL from a command line, you would do this:

curl --request POST 'https://<url>/auth/realms/kelvin/protocol/openid-connect/token' \
     --header 'Content-Type: application/x-www-form-urlencoded' \
     --data-urlencode 'client_id=<client_id>' \
     --data-urlencode 'client_secret=<client_secret>' \
     --data-urlencode 'grant_type=client_credentials'
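
A service-account client for the Method 2 flow, as an added example that is not part of the original page or Kelvin's own code: it reads the Client Secret from the environment rather than the command line (where it would land in shell history and process listings) and caches the token using expires_in from the response. The class and function names and the KELVIN_CLIENT_ID / KELVIN_CLIENT_SECRET variable names are assumptions.

```python
import json
import os
import time
import urllib.parse
import urllib.request

TOKEN_PATH = "/auth/realms/kelvin/protocol/openid-connect/token"  # endpoint from this page

def http_post_form(url, form):
    """POST the form as application/x-www-form-urlencoded; return the parsed JSON reply."""
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    req = urllib.request.Request(url, data=urllib.parse.urlencode(form).encode(), headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class ServiceAccountToken:
    """Caches a client_credentials token and renews it shortly before it expires."""

    def __init__(self, base_url, client_id, client_secret,
                 post=http_post_form, clock=time.monotonic, margin=30):
        if not base_url.startswith("https://"):
            raise ValueError("refusing to send the client secret over a non-HTTPS URL")
        self._url = base_url.rstrip("/") + TOKEN_PATH
        self._form = {"client_id": client_id, "client_secret": client_secret,
                      "grant_type": "client_credentials"}
        self._post, self._clock, self._margin = post, clock, margin
        self._token, self._expires_at = None, 0.0

    def __repr__(self):  # keeps the secret out of logs and tracebacks
        return f"ServiceAccountToken(client_id={self._form['client_id']!r})"

    def access_token(self):
        # Renew on first use, or once we are within `margin` seconds of expiry.
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            reply = self._post(self._url, self._form)
            if str(reply.get("token_type", "")).lower() != "bearer" or not reply.get("access_token"):
                raise RuntimeError("token endpoint did not return a Bearer access_token")
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._token

    def auth_header(self):
        return {"Authorization": f"Bearer {self.access_token()}"}

def from_environment(base_url, **kwargs):
    """Build a client from KELVIN_CLIENT_ID / KELVIN_CLIENT_SECRET (assumed variable names)."""
    return ServiceAccountToken(base_url, os.environ["KELVIN_CLIENT_ID"],
                               os.environ["KELVIN_CLIENT_SECRET"], **kwargs)
```

Pass the result of auth_header() as the headers of each API request; the post and clock parameters exist so the caching logic can be exercised without a live server.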

Last Modified

Last Modified on 6th June 2022

6th June 2022

* Last update before detail updating records started
