...

  1. Create a dedicated Data Theorem user or API key that can authenticate to the API to scan.

    1. Data Theorem recommends following the least privilege security principle when creating API credentials; consider granting them read-only access to only the areas necessary for Data Theorem to perform API scans.

  2. Create CURL command(s) to test the credentials, by calling one of the API endpoints and verifying that it returned a successful response.

  3. Email the following information to support@datatheorem.com:

    1. Name and URL of the API.

    2. Type of authentication flow, as described in the next section.

    3. CURL command(s) that can be used to complete an authenticated request. The commands should contain the API credentials that Data Theorem will use.

...

Authenticating via Custom Authentication Flow

Data Theorem supports custom authentication flows that happen in two steps:

  1. Sending a request to create an authentication token.

  2. Supplying the authentication token when making API calls.

Please provide sample CURL commands demonstrating your custom authentication flow. For example:

  1. Token creation:
    curl -X 'POST' "https://example.com/login" -d 'id=123&client_secret=12345&grant_type=client_credentials'

  2. API call using the generated token:
    curl "https://example.com?id=123" -H "Authorization: Bearer 67890"
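
One way to confirm the two-step flow works end to end before sending the commands, as an added example that is not Data Theorem's own tooling. It assumes the token endpoint returns JSON with an `access_token` field; `DT_CLIENT_ID`, `DT_CLIENT_SECRET`, the `CURL` override and the function names are hypothetical.

```bash
# Added example: checks a two-step token flow (token creation, then API call).
# Assumption: the token response is JSON containing "access_token".

CURL="${CURL:-curl}"   # overridable so the flow can be exercised against a stub

# Pull the access_token value out of a JSON token response read from stdin.
extract_token() {
  sed -n 's/.*"access_token"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' | head -n 1
}

# Step 1: request a token. Credentials are read from the environment
# rather than hard-coded in the script.
request_token() {
  local login_url="$1" body
  body=$("$CURL" -sS -X POST "$login_url" \
    --data-urlencode "id=${DT_CLIENT_ID}" \
    --data-urlencode "client_secret=${DT_CLIENT_SECRET}" \
    --data-urlencode "grant_type=client_credentials") || return 1
  printf '%s' "$body" | extract_token
}

# Step 2: call the API with the token and print only the HTTP status code.
api_status() {
  local api_url="$1" token="$2"
  "$CURL" -sS -o /dev/null -w '%{http_code}' \
    -H "Authorization: Bearer ${token}" "$api_url"
}

# Run both steps; succeed only on a non-empty token and a 2xx status.
verify_auth_flow() {
  local token status
  token=$(request_token "$1") || { echo "token request failed" >&2; return 1; }
  [ -n "$token" ] || { echo "no access_token in response" >&2; return 1; }
  status=$(api_status "$2" "$token") || return 1
  case "$status" in
    2??) echo "OK $status" ;;
    401|403) echo "credentials rejected: $status" >&2; return 2 ;;
    *) echo "unexpected status: $status" >&2; return 1 ;;
  esac
}
```

After sourcing the file and exporting the two variables, call it as `verify_auth_flow "https://example.com/login" "https://example.com?id=123"`.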

...