| sidebar_position |
|---|
2 |
import Tabs from '@theme/Tabs'; import TabItem from '@theme/TabItem';
AniAPI uses JSON Web Tokens to authenticate requests.
Each JWT is referred to an user id and is valid for 30 days.
When a JWT expires, the user should login again to obtain a new one.
You can obtain your JWT on your profile page.
Authentication on secured endpoints is managed with HTTP Bearer Auth, which expects the use of Authorization HTTP header:
<Tabs defaultValue="curl" values={[ { label: 'cURL', value: 'curl' }, { label: 'JS', value: 'js' } ]}>
curl -i https://api.aniapi.com/v1/user_story -H "Authorization: Bearer <YOUR_JWT>" fetch('https://api.aniapi.com/v1/user_story', {
method: 'GET',
headers: {
'Authorization': 'Bearer <YOUR_JWT>',
'Content-Type': 'application/json',
'Accept': 'application/json'
}
});Since JWTs have an expiration time, you will have to validate your JWT before making requests to the API.
Therefore you will need to make a validation request to https://api.aniapi.com/v1/auth/me in order to find out if your JWT is still usable.
curl -i https://api.aniapi.com/v1/auth/me -H "Authorization: Bearer <YOUR_JWT>"If your JWT is valid you will get a response like below:
{
"status_code": 200,
"message": "Hi Dazorn",
"data": {
"username": "Dazorn",
"id": 1,
//...
},
"version": "1"
}AniAPI gives the possibility to access protected endpoints from third-party apps.
You can view and manage all your clients on the developer page, after signing in.
If you want to allow users to login with their AniAPI acccount and have complete access on their data you will need to use OAuth. Otherwise, if your application's scope is read-only on public data, you won't need it.
It depends on the environment where your app is running:
- use the Implicit grant if your client is a website or a mobile application
- use the Authorization Code grant if you can securely store your client's credentials (for example on a server)