Language

Authentication

For both the Data import and export, the virtualised database will required permissions to ensure that a User has authorised certain API consumers to add or read the data from the various Tables within the database. For this, separate “Apps” that represent API User accounts will be present within each User’s PDS. Each App will own several permission sets within the database, which will determine which Tables the API consumers are able to access, in addition to the permissions the API consumers have on those Tables.

Acquiring Access Token

The tokens used are JWT tokens and you can see the values set by the HAT (such as the issuer) at jwt.io. To acquire an access token, you should make a GET request to /user/access_token endpoint and the request should contain headers with username and pass (password). The response will contain the access token and user ID.

Validating Access Token

Tokens are signed by the HAT’s public key using RSA algorithm so that their authenticity can be independently verified. To make sure the provided access token works with the specific HAT, make a GET request containing a header with X-Auth-Token to /users/access_token/validate endpoint. In case of a valid access token, your response will say “message”: “Authenticated” and in a case of an invalid access token, you will get “message”: “The supplied authentication is invalid” and “cause”: “…”.

HTTP Request

GET http://hat.hubofallthings.net/

Query Parameters

ParameterDescription
access_tokenyour access token used to authenticate
usernameusername used for authentication together with password, instead of access_token (user and platform only)
passpassword used for authentication together with username, instead of access_token (user and platform only)

Creating a HAT

curl --request POST \
  --url https:///api/signup \
  --header 'content-type: application/json' \
  --data '"{\n\t\"fullName\": \" \",\n\t\"username\": \"\",\n\t\"email\": \"\",\n\t\"pass\": \"\",\n\t\"passRepeat\": \"\"\n}"'
var settings = {
  "async": true,
  "crossDomain": true,
  "url": "https:///api/signup",
  "method": "POST",
  "headers": {
    "content-type": "application/json"
  },
  "processData": false,
  "data": "\"{\\n\\t\\\"fullName\\\": \\\" \\\",\\n\\t\\\"username\\\": \\\"\\\",\\n\\t\\\"email\\\": \\\"\\\",\\n\\t\\\"pass\\\": \\\"\\\",\\n\\t\\\"passRepeat\\\": \\\"\\\"\\n}\""
}

$.ajax(settings).done(function (response) {
  console.log(response);
});
<?php

$curl = curl_init();

curl_setopt_array($curl, array(
  CURLOPT_URL => "https:///api/signup",
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => "\"{\\n\\t\\\"fullName\\\": \\\" \\\",\\n\\t\\\"username\\\": \\\"\\\",\\n\\t\\\"email\\\": \\\"\\\",\\n\\t\\\"pass\\\": \\\"\\\",\\n\\t\\\"passRepeat\\\": \\\"\\\"\\n}\"",
  CURLOPT_HTTPHEADER => array(
    "content-type: application/json"
  ),
));

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

if ($err) {
  echo "cURL Error #:" . $err;
} else {
  echo $response;
}
import http.client

conn = http.client.HTTPSConnection("")

payload = "\"{\\n\\t\\\"fullName\\\": \\\" \\\",\\n\\t\\\"username\\\": \\\"\\\",\\n\\t\\\"email\\\": \\\"\\\",\\n\\t\\\"pass\\\": \\\"\\\",\\n\\t\\\"passRepeat\\\": \\\"\\\"\\n}\""

headers = { 'content-type': "application/json" }

conn.request("POST", "/api/signup", payload, headers)

res = conn.getresponse()
data = res.read()

print(data.decode("utf-8"))
require 'uri'
require 'net/http'

url = URI("https:///api/signup")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
http.verify_mode = OpenSSL::SSL::VERIFY_NONE

request = Net::HTTP::Post.new(url)
request["content-type"] = 'application/json'
request.body = "\"{\\n\\t\\\"fullName\\\": \\\" \\\",\\n\\t\\\"username\\\": \\\"\\\",\\n\\t\\\"email\\\": \\\"\\\",\\n\\t\\\"pass\\\": \\\"\\\",\\n\\t\\\"passRepeat\\\": \\\"\\\"\\n}\""

response = http.request(request)
puts response.read_body