Open Closed

How to get API token? #2206


User avatar
0
LawrenceKwan created

I am going to call api of different modules, and I saw there is RequestVerificationToken on swagger API, like /api/file-management/file-descriptor/content API

I have 2 cases,

  1. my project dont have identity server
  2. my project have identity server

How to obtain the API Token for the above cases? I need to call module api in many cases

  • ABP Framework version: v4.4.3
  • UI type: MVC
  • DB provider: EF Core
  • Tiered (MVC) or Identity Server Separated (Angular): no
  • Exception message and stack trace:
  • Steps to reproduce the issue:"

8 Answer(s)
  • User Avatar
    0
    enisn created
    Support Team

    Hi @LawrenceKwan

    It's not related with ABP. You can do it configuring Serilog like below: https://stackoverflow.com/a/28334074/7200126

  • User Avatar
    0
    LawrenceKwan created

    Serilog

    Hello Enisn Token and Serilog are different thing. I am asking the API token not the loging, how to get token?Thanks

  • User Avatar
    0
    LawrenceKwan created

    I find that when I login to admin account, token is valid but When I logoff, token is invalid that cannot get response.

  • User Avatar
    0
    enisn created
    Support Team

    Firstly I'm sorry about my first mismatching answer to you. It has been posted by a mistake to this thread.


    I am going to call api of different modules, and I saw there is RequestVerificationToken on swagger API, like /api/file-management/file-descriptor/content API

    If you send requests via using client proxies, you don't need to get any of token manually. Client proxy handles them.

    I find that when I login to admin account, token is valid but
    When I logoff, token is invalid that cannot get response.

    If your endpoint requires authentication, you won't be able to access that endpoint when you logged out.

    Can you share more info about which endpoint you are trying to access with token?

  • User Avatar
    0
    LawrenceKwan created

    Firstly I'm sorry about my first mismatching answer to you. It has been posted by a mistake to this thread.


    I am going to call api of different modules, and I saw there is RequestVerificationToken on swagger API, like /api/file-management/file-descriptor/content API

    If you send requests via using client proxies, you don't need to get any of token manually. Client proxy handles them.

    I find that when I login to admin account, token is valid but
    When I logoff, token is invalid that cannot get response.

    If your endpoint requires authentication, you won't be able to access that endpoint when you logged out.

    Can you share more info about which endpoint you are trying to access with token?

    Hi enisn

    We have some external workers(software) to access files uploaded by Optical Character Recognition (OCR) . It could be the intranet user. To read the file , it will be downloaded via API on https:{our endpoint}/api/file-management/file-descriptor/content API

  • User Avatar
    0
    gterdem created
    Support Team

    Hi LawrenceKwan,

    You can use Client Credentials Flow (server to server) to request an access token.

    Client Credentials Flow Summary:
    1. You create a client (https://docs.identityserver.io/en/latest/quickstarts/1_client_credentials.html#creating-the-client)
    2. You make an http request to Discovery Endpoint (Using IdentityModel nuget package)
    3. You make access token request
    4. You add the token as bearer to header and make request to the resource with the defined scopes
    Using Client Credentials Flow in ABP
    1. You can create a client (either IdentityServerDataSeeder or IdentityServer UI) Now, if your application is and ABP application (has a module class and extending AbpModule class), you can add Volo.Abp.Http.Client.IdentityModel nuget package that automates steps 2, 3 and 4. You can check this part of the documentation for more information. However, since you mentioned it is an external software that can be written in any language; generic client credentials flow rules apply as I have mentioned above. There is one caveat, If your application service is protected with a permission as below: You need to add related permission to the client you have created at step 1 using either IdentityServerDataSeeder or IdentityServer UI. Here is a related part of documentation that can help.
  • User Avatar
    0
    enisn created
    Support Team

    In file management you'll see 2 endpoints to perform a download operation:

    One of them creates & returns token but requires authenticated request. After, getting that token, you can download the file from second endpoint with that token without authentication. But token's life is 60secons by default.

    For example; let say your media id is 1 to make it more understandable.

    Firstly you need to create a download token for media with a authenticated request:

    GET | /api/file-management/file-descriptor/download/1/token
    

    You'll get a response something like below. Let say the token is a to make it simple:

    {
      "token": "a"
    }
    

    Now, you can make a request from anywhere without authentication with that token.

    GET | /api/file-management/file-descriptor/download/1?token=a
    
  • User Avatar
    0
    enisn created
    Support Team

    Also you can generate token in serverside instead of sending a authenticated request:

    public class MyService : ApplicationService
    {
        private IFileDescriptorAppService fileDescriptorAppService;
    
        public MyService(IFileDescriptorAppService fileDescriptorAppService)
        {
            this.fileDescriptorAppService = fileDescriptorAppService;
        }
    
        public async Task MyMethodAsync()
        {
            var token = await fileDescriptorAppService.GetDownloadTokenAsync(Guid.Parse("..."));
        }
    }
    
Made with ❤️ on ABP v9.1.0-rc.1. Updated on January 17, 2025, 14:13