# Authentication

Artur Chmaro

Adam Leszczyński

Igor Klepacki

# Token

We have two types of authentication tokens:

Master token (generated by administrator of application instance)
User token (generated after authentication with wallet or e-mail link)

User has to be redirected to CreatorsHub instance in order to authenticate. Each call has to to include HTTP header generated and signed by CreatorsHub:

Authorization: Bearer {JWT}

Sample request may look as follows:

curl --location --request POST '{INSTANCE_URL}/api/public/batchMint' \
  --header 'Authorization: Bearer {JWT}' \
  --header 'Content-Type: application/json' \
  --data '[
      {
        "title": "Bear 1",
        "status": "draft",
        "amount": 1
      }
    ]'

# Obtaining the API Token

The endpoint is secured by the API Token attached to the User who generated the token. In order to generate the token log in to our Instance, go to Settings, find API Access under Settings list, go to the Marketplace API tab and click the Generate token button or grab the Token if you already generated one.

Our public API also works when you're logged in on some instance without need of passing the Authorization header along with valid API Token.

Warning

It is recommended to access API using access token generated by admin. Retrieving info from public instance endpoints being authenticated using user cookie shouldn't be permanent solution if you want to build something on top of the API and should only be used in a quick dev/debug/test approach ⚠️

Sample request may look as follows:

curl --location --request POST '{INSTANCE_URL}/api/public/batchMint' \
  --header 'Content-Type: application/json' \
  --header 'Cookie: token={COOKIE}; HttpOnly; Secure' \
  --data '[
      {
        "title": "Bear 1",
        "status": "draft",
        "amount": 1
      }
    ]'

Open the browser's developer tools:

In Google Chrome, you can do this by pressing F12 or Ctrl + Shift + I (Windows/Linux) or ⌘ + ⌥ + I (macOS).
In Mozilla Firefox, you can do this by pressing F12 or Ctrl + Shift + I (Windows/Linux) or ⌘ + ⌥ + I (macOS).

Navigate to the CreatorsHub instance login page and enter your credentials to log in.
Once you have successfully logged in, the server will set an HttpOnly secure cookie, which will be sent to your browser.
In the developer tools, click on the "Applications" tab.
In the left-hand sidebar, click on "Cookies" to expand the section.
Click on the API's domain name to view its cookies and locate the HttpOnly secure cookie that you want to use for authentication (it should be named token) then copy the value.
Use code defined above and replace {COOKIE} with value you just copied.

# Authentication

# Token

# Obtaining the API Token

# User cookie

Warning

# Obtaining the cookie