Skip to content
My Docs

Authentication

Kala server supports multiple authentication methods to secure access to its resources. There are two main types of authentication:

  1. JWT (JSON Web Token) authentication
  2. API Key authentication

JWT Authentication

Section titled “JWT Authentication”

JWT authentication is the primary method for securing access to Kala Server. It allows users to authenticate using JSON Web Tokens, which are issued upon successful login and must be included in subsequent requests to access protected resources.

  1. Login: Users can log in using their credentials (username and password) to receive a JWT.

    • Endpoints: POST /api/auth/access-token
    • Request Body:
    {
      "username": "your_username",
      "password": "your_password"
    }
    • Response:
    {
      "data": {
        "access_token": "your_jwt_token"
      }
    }

  2. Token Usage: The JWT must be included in the Authorization header of each request to access protected endpoints. The header should be formatted as follows:

    Authorization: Bearer <your_jwt_token>

API Key Authentication

Section titled “API Key Authentication”

API Key authentication is an alternative method for accessing Kala Server resources. It allows users to authenticate using a unique API key instead of a JWT. It is suitable for scenarios where a backend service needs to access Kala Server without user interaction.

  1. Login using JWT to access the API Key generation endpoint, ref:

  2. Generate API Key: Users can generate an API key through the Kala Server API.

    • Endpoints: POST /api/auth/api-key
    • This endpoint requires a valid JWT token in the Authorization header.
    • Request Body:
    {
      "validFrom": "2024-01-01T00:00:00Z", // Optional, defaults to now
      "validTo": "2025-01-01T00:00:00Z",
      "permissions": ["UUID", "UUID"], // Optional, defaults to none
      "services": ["service UUID"] // Optional, defaults to all services
    }
    • Response:
    {
      "data": "your_api_key"
    }

    IMPORTANT The API key is generated only once and cannot be retrieved again. Make sure to store it securely.

  3. Usage: The API key can be includde in

    • Header with the key X-API-Key: 
      X-API-Key: <your_api_key>
    • Query parameter with the key key: 
      http://your-kala-server/api/resource?key=<your_api_key>

Permission types

Section titled “Permission types”
  1. User Management: 01968c91-8789-7288-a337-f0e398711aac
    • Create, read, update, and delete users.
  2. Data Management: 01968c91-8789-7724-b62d-946b118ce9d6
    • Create, read, update, and delete datastore.