Trusted client¶

Follow sections sequentially to complete demonstration of an access from a trusted client.

Create application¶

Login to Jazer’s dashboard. Create a new application by clicking on the create new app button. A dialog will be shown asking for an application name. Give it a name like Trusted client test and click on the create button. An application will be created and shown in the application list. Click on the newly created application in the application list to open application page.

Create API key¶

Open API keys page using left sidebar menu item . Create a new API key using toolbar item create-icon . A dialog will be shown asking for an API key name. Give it a name like Trusted API key and click on the create button. API key will be created with no permissions. To add a permission use permissions toolbar item add-icon . Use /resources/book for the path and enable methods GET and POST. Leave ACL turned off since this API key is for a trusted client. Save API key changes using toolbar item save-changes-icon .

../_images/api-key-trusted-api-key-created.png

Created API key enables the client to create new resources and to search across all resources in the book collection. The client must supply api-key header with the value of an API key Secure ID in each API request.

Find application ID¶

Open the metadata page using left sidebar menu item . Application ID is presented alongside other application metadata. The client must supply application ID in the application-id header in each API request.

Create resource¶

To create a new book resource make API request:

curl -H 'Content-Type: application/vnd.api+json' \
-H 'Accept: application/vnd.api+json' \
-H 'api-key: <YOUR_API_KEY_SECURE_ID>' \
-H 'application-id: <YOUR_APPLICATION_ID>' \
-d '
{
  "data": {
    "type": "book",
    "attributes": {
      "title": "Anna Karenina"
    }
  }
}' \
-X POST https://api.jazer.io/resources/book

Collection book will be created since this is the first time it is requested. A new resource will be created and unique ID will be assigned to the resource. API will return created resource in the response like:

{
  "data": {
    "type": "book",
    "id": "59bd1dafac610577a9bae59b",
    "attributes": {
      "title": "Anna Karenina"
    },
    "links": {
      "self": "https://api.jazer.io/resources/book/59bd1dafac610577a9bae59b"
    }
  }
}

Create a few more book resources by calling same API request with a different title like: 1984, War and Peace and The Catcher in the Rye. To fetch them all make API request:

curl -H 'Accept: application/vnd.api+json' \
-H 'api-key: <YOUR_API_KEY_SECURE_ID>' \
-H 'application-id: <YOUR_APPLICATION_ID>' \
-X GET https://api.jazer.io/resources/book

API response will be:

{
  "meta": {
    "count": 4
  },
  "data": [
    {
      "type": "book",
      "id": "59bd1dafac610577a9bae59b",
      "attributes": {
        "title": "Anna Karenina"
      },
      "links": {
        "self": "https://api.jazer.io/resources/book/59bd1dafac610577a9bae59b"
      }
    },
    {
      "type": "book",
      "id": "59bd23d1ac610577a9bae59d",
      "attributes": {
        "title": "1984"
      },
      "links": {
        "self": "https://api.jazer.io/resources/book/59bd23d1ac610577a9bae59d"
      }
    },
    {
      "type": "book",
      "id": "59bd23daac610577a9bae59f",
      "attributes": {
        "title": "War and Peace"
      },
      "links": {
        "self": "https://api.jazer.io/resources/book/59bd23daac610577a9bae59f"
      }
    },
    {
      "type": "book",
      "id": "59bd23e4ac610577a9bae5a1",
      "attributes": {
        "title": "The Catcher in the Rye"
      },
      "links": {
        "self": "https://api.jazer.io/resources/book/59bd23e4ac610577a9bae5a1"
      }
    }
  ],
  "links": {
    "first": "https://api.jazer.io/resources/book?page[offset]=0&page[limit]=20",
    "last": "https://api.jazer.io/resources/book?page[offset]=0&page[limit]=20",
    "prev": null,
    "next": null
  }
}

Fetch resource¶

To fetch an individual book by ID make API request:

curl -H 'Accept: application/vnd.api+json' \
-H 'api-key: <YOUR_API_KEY_SECURE_ID>' \
-H 'application-id: <YOUR_APPLICATION_ID>' \
-X GET https://api.jazer.io/resources/book/<BOOK_ID>

Since API key does not have permission for the requested path and method, the request will be rejected and response will contain error:

{
  "errors": [
    {
      "code": "permission-denied",
      "status": "403",
      "title": "You do not have the permission to access requested API."
    }
  ]
}

Add a new permission to the API key with the path /resources/book/[0-9a-fA-F]{24} and enable GET method. The request will no longer be rejected and resource will be returned:

{
  "data": {
    "type": "book",
    "id": "59bd1dafac610577a9bae59b",
    "attributes": {
      "title": "Anna Karenina"
    },
    "links": {
      "self": "https://api.jazer.io/resources/book/59bd1dafac610577a9bae59b"
    }
  }
}

More info¶

Visit Resources to see which other operations are supported. Enhance security by validating resource data using Schemas. Use API keys wizard to help you create permissions.