Security
Reuzenpanda API v1 uses a custom authentication scheme based on service accounts. Each service account has a unique API key and a secret. The API key is used as the username and the secret as the password.
Obtaining a service account
To obtain a service account, please contact the Reuzenpanda team.
Obtain bearer token
To authenticate, send a POST request to the /login-api endpoint with the service account credentials in the body. You will receive a JWT Bearer token in "response.sessionKey"; this token is valid for 2 hours.
POST /login-api
Request body:
{
  "email": "service-account-name",
  "password": "service-account-secret"
}
Response body:
{
  "type": "SUCCESS",
  "user": {
    "id": "service-account-id",
    "email": "service-account-name",
    "name": null,
    "password": "",
    "locale": null,
    "role": "API"
  },
  "sessionKey": "BEARER",
  "attemptsLeft": 0,
  "should_check_two_factor": false
}
Authenticating with the API
To authenticate with the API, add an X-AUTHORIZATION header with the sessionKey as its value to your requests.
Connecting a service account to a new profile
A user can "invite" a service account to their profile. This will allow the service account to access the user's data. To do this, the user should open their dashboard, go to the "Profile roles" section in the settings, and enter the service account's name. The invite will immediately be accepted, and the service account will be able to access the user's data.
Future plans
- Add support for OpenID/OAuth2 type of authentication