Skip to content

Authentication

Prerequisites

To authenticate using API you will need to have an API key. To create an API key for your organization, please log in interactively to Portfoleon, select Administration - Integrations from the menu, and add a new API key.

Authenticating with API keys

To get an authentication token use the following:

curl --header "Content-Type: application/json" \
  --request POST \
  --data '{"api_key":"AKPF123,ABCDEFGHI098765"}' \
  https://portfoleon.herokuapp.com/api/v1/security/token

The token API returns JSON like this:

{
    "token": "ASCII token string",
    "b64token": "Base64-ed token you can use to authenticate"
}

Once you have the token you can access other protected resources with it. Use Bearer authorization with base64-encoded authentication token.

# Shell
curl -H "Authorization: Bearer ZXlKaGJHY2lPaUpJVXpJMU5pSXNJbVY0Y0NJNk1UWXdPRGd4T0Rnd09Td2lhV0YwSWpveE5qQTRPREU0TWpBNWZRLmV5SnZjbWxuYVc1aGJGOXBjM04xWlY5a1lYUmxJam9pTWpBeU1DMHhNaTB5TkZReE16bzFOam8wT1M0d016Y3pNekFpTENKMWMyVnlYMmxrSWpvaU1TSjkudHVGZ1Y0TG9DNHFZdHp4NmZVUnAyM25fQWV2Z0ZMSjA3U2lkX3h1MUdaTQ==" https://portfoleon.herokuapp.com/api/test/protected_resource
// Javascript
$http.get(
  'https://portfoleon.herokuapp.com/api/test/protected_resource',
  {headers: {Authorization: 'Bearer ' + b64token}}
);

HTTP Request

POST http://portfoleon.herokuapp.com/api/v1/security/token

POST Parameters

Parameter Mandatory Default Description
api_key true no default API key you created in the organization.

Tip

You can use /api/test/protected resource for testing your authentication.

HTTP Response

In case of success the token endpoint will return:

{
    "token": "ASCII token string",
    "b64token": "Base64-ed token you can use to authenticate"
}

In case of failure the endpoint will return the standard error structure, namely:

Token expired In case of token expiration please use token refresh endpoint. The token expiration error message is: { "message": { "error": "Token expired" }}

Refresh authorization token

HTTP Request

To refresh the authentication token please use:

curl -H "Authorization: Bearer ZXlKaGJHY2lPaUpJVXpJMU5pSXNJbVY0Y0NJNk1UWXdPRGd4T0Rnd09Td2lhV0YwSWpveE5qQTRPREU0TWpBNWZRLmV5SnZjbWxuYVc1aGJGOXBjM04xWlY5a1lYUmxJam9pTWpBeU1DMHhNaTB5TkZReE16bzFOam8wT1M0d016Y3pNekFpTENKMWMyVnlYMmxrSWpvaU1TSjkudHVGZ1Y0TG9DNHFZdHp4NmZVUnAyM25fQWV2Z0ZMSjA3U2lkX3h1MUdaTQ==" https://portfoleon.herokuapp.com/api/v1/security/refresh_token

By default, if the token is still valid, Portfoleon will not issue a new one and instead just return the old token. To force refresh add the force=true parameter:

curl -H "Authorization: Bearer ZXlKaGJHY2lPaUpJVXpJMU5pSXNJbVY0Y0NJNk1UWXdPRGd4T0Rnd09Td2lhV0YwSWpveE5qQTRPREU0TWpBNWZRLmV5SnZjbWxuYVc1aGJGOXBjM04xWlY5a1lYUmxJam9pTWpBeU1DMHhNaTB5TkZReE16bzFOam8wT1M0d016Y3pNekFpTENKMWMyVnlYMmxrSWpvaU1TSjkudHVGZ1Y0TG9DNHFZdHp4NmZVUnAyM25fQWV2Z0ZMSjA3U2lkX3h1MUdaTQ==" https://portfoleon.herokuapp.com/api/v1/security/refresh_token?force=true

HTTP Response

In case of success the token refresh endpoint will return the same response as for the token endpoint.

Authentication expired In case the token cannot be any longer refreshed, please authenticate again using the token endpoint. The authentication expiration error message is: { "message": { "error": "Authentication expired" }}