Authentication
Get a token from the API
To make most of the requests to our API, you need to be authentified, you can authentify by making a request to obtain a token you will use after.
$ curl -X POST https://api-<instance>.toucantoco.com/login\
-H 'content-type: application/json'\
--data-binary '{"username": <username>, "password": <secret_password>}'
> {"token": <token>}
<instance>
corresponds to your Toucan tenant,<login>
corresponds to your Toucan login,<password>
to your Toucan password and<version>
to the API version you want to use.<token>
is the token you will get afterward to authentify through this API.
Failed login limit
Authenticating with invalid credentials will return Login failed. Invalid username or password
:
$ curl https://api-<instance>.toucantoco.com/login\
-H 'content-type: application/json'\
--data-binary '{"username": <username>, "password": <secret_password>}'
> Login failed. Invalid username or password
After detecting several requests with invalid credentials within a short period (5 per minute), the API will temporarily reject all authentitication attemps for that user (including ones with valid credentials) with Too many requests in a short time, please wait a bit and try again.
:
$ curl https://api-:instance.toucantoco.com/login\
-H 'content-type: application/json'\
--data-binary '{"username": <username>, "password": <secret_password>}'
>{"message":"Too many requests in a short time, please wait a bit and try again."}
Permissions
If you do not have access to a resource. You will have a 401
return.
$ curl https://api-<instance>.toucantoco.com/v0/users
> {"statusCode":401,"message":"Unauthorized"}
Now you know how to properly authenticate! For most of the routes you also need to have a minimal user role, check here if you are interested.