# Passing Authentication

#### **The Opentact API will require an API Key to authenticate requests.**

All API requests must be made over HTTPS; HTTP requests will return a 302 response (permanent redirection).

**There are 5 methods to pass authentication to the API.**

{% tabs %}
{% tab title="Basic" %}
For accessing the API, a valid email and password must be passed in the `Authorization` header.

The following syntax must be used in the header:

`Authorization: Basic base64(email:password)`

```
A valid token is base64 encoded value of 'email:password'

  The following syntax must be used in the headers:
      Authorization: Basic dXNlcm5hbWU6cGFzc3dvcmQ=
```

| Security Scheme Type | HTTP Authorization Scheme |
| -------------------- | ------------------------- |
| HTTPS                | Basic                     |

{% endtab %}

{% tab title="JWT" %}
For accessing the API, a valid JWT token must be passed with the request:

* in the `X-Auth-Token` header
* as the `jwt` query param

```
A valid token is generated by the API and returned as a response of
   a call to the route: /rest/auth giving a valid email & password.

  The following syntax must be used in the headers:
      X-Auth-Token: xxxxxx.yyyyyyy.zzzzzz
```

| Header Parameter Name | Security Scheme Type |
| --------------------- | -------------------- |
| X-Auth-Token          | API Key              |

{% endtab %}

{% tab title="Google" %}
For accessing the API, a valid Google token must be passed with the request:

* in the `X-Auth-Google-Token` header
* as the `google_token` query param

```
A valid token is generated by the Google auth API and returned as a response from the Google Sign-In library.

  The following syntax must be used in the headers:
      X-Auth-Google-Token: xxxxxx.yyyyyyy.zzzzzz
```

More info can be found here: <https://developers.google.com/identity/sign-in/web/backend-auth>

| Header Parameter Name | Security Scheme Type |
| --------------------- | -------------------- |
| X-Auth-Google-Token   | API Key              |

{% endtab %}

{% tab title="Facebook" %}
For accessing the API, a valid Facebook token must be passed with the request:

* in the `X-Auth-Facebook-Token` header
* as the `facebook_token` query param

```
A valid token is generated by the Facebook auth API and returned as a response 
of the Facebook Sign-In library.

  The following syntax must be used in the headers:
      X-Auth-Facebook-Token: xxxxxx.yyyyyyy.zzzzzz
```

More info can be found here: <https://developers.facebook.com/docs/facebook-login/web>

| Header Parameter Name | Security Scheme Type |
| --------------------- | -------------------- |
| X-Auth-Facebook-Token | API Key              |

{% endtab %}

{% tab title="HA1B" %}
For accessing the API, a valid HA1B token must be passed with the request:

* in the `X-Auth-HA1B-Token` header
* as the `ha1b` query param

```
A valid ha1b token is md5(<login>@<domain>:<domain>:<password>).

  The following syntax must be used in the headers:
      X-Auth-HA1B-Token: xxxxxxyyyyyyyyzzzzzz
```

More info can be found here: <https://www.opensips.org/Documentation/TipsFAQ#toc2>

| Header Parameter Name | Security Scheme Type |
| --------------------- | -------------------- |
| X-Auth-HA1B-Token     | API Key              |

{% endtab %}
{% endtabs %}

<figure><img src="/files/wBjBSS5mvPd73QUgYyUy" alt=""><figcaption><p><strong>Username and password are required for Basic Auth</strong></p></figcaption></figure>

<figure><img src="/files/SdHUu02ttrffeRkgq2T3" alt=""><figcaption><p>This field is used to enter the JWT token that authorizes requests to the Opentact API.</p></figcaption></figure>
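
An added example (not Opentact's own code) that builds the headers for the five methods above with Python's standard library. It also refuses plain-HTTP URLs, since a redirect only arrives after the credentials have already been sent in clear text, and masks the token query parameters before a URL is logged. The function names and sample credentials are assumptions made for illustration.

```python
import base64
import hashlib
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Query parameter names this page lists as token carriers.
TOKEN_PARAMS = {"jwt", "google_token", "facebook_token", "ha1b"}

# Header names this page lists for the token-based methods.
TOKEN_HEADERS = {
    "jwt": "X-Auth-Token",
    "google": "X-Auth-Google-Token",
    "facebook": "X-Auth-Facebook-Token",
}

def basic_header(email, password):
    """Authorization: Basic base64(email:password)."""
    raw = f"{email}:{password}".encode("utf-8")
    return {"Authorization": "Basic " + base64.b64encode(raw).decode("ascii")}

def ha1b_header(login, domain, password):
    """X-Auth-HA1B-Token: md5(<login>@<domain>:<domain>:<password>)."""
    raw = f"{login}@{domain}:{domain}:{password}".encode("utf-8")
    # The digest alone authenticates the caller, so store it like a password.
    return {"X-Auth-HA1B-Token": hashlib.md5(raw).hexdigest()}

def token_header(method, token):
    """Header for the JWT, Google or Facebook method."""
    return {TOKEN_HEADERS[method]: token}

def require_https(url):
    """Refuse to attach credentials to anything but an https:// URL."""
    if urlsplit(url).scheme.lower() != "https":
        raise ValueError("credentials must only be sent over https")
    return url

def redact_url(url):
    """Mask token query parameters before a URL is written to a log."""
    parts = urlsplit(url)
    query = [(k, "REDACTED" if k.lower() in TOKEN_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(query)))
```

Prefer the header form over the query parameter where both are accepted, because URLs are routinely recorded in proxy and server logs.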

## Authentication API

<mark style="color:blue;">`GET`</mark> `https://api.opentact.org/rest/auth`

This API returns the JWT token used for authorization.

#### Headers

| Name                                           | Type   | Description |
| ---------------------------------------------- | ------ | ----------- |
| X-Auth token<mark style="color:red;">\*</mark> | String | JWT token   |

{% tabs %}
{% tab title="200: OK User Logged In" %}

```javascript
{
  "success": true,
  "payload": {
    "uuid": "0116f6d1-1280-44b2-9134-da48509ec575",
    "email": "info@opentact.org",
    "wss_online": true,
    "role": "User",
    "created_on": "2022-12-29T13:17:57.457Z",
    "modified_on": "2022-12-29T13:17:57.457Z",
    "deleted_on": null,
    "phone_number": "+1234567890",
    "dob": "2022-12-29T13:17:57.457Z",
    "avatar": "https://google/image.png",
    "first_name": "First Name",
    "last_name": "Last Name",
    "gender": "Female",
    "account": {
      "created_on": "2022-12-29T13:17:57.457Z",
      "modified_on": "2022-12-29T13:17:57.457Z",
      "uuid": "f2cb79fb-6bf8-4484-8034-debf95aac73b",
      "email": "info@denovolab.com",
      "name": "DENOVOLAB",
      "level": "Level0",
      "deleted_on": null,
      "balance": 99.87895
    }
  }
}
```

{% endtab %}

{% tab title="401: Unauthorized Unauthorized" %}

```javascript
{
  "success": false,
  "message": "string",
  "status": 500,
  "meta": "string",
  "fields": {
    "params.to": {
      "message": "invalid integer number",
      "value": "qwerty123456789"
    }
  }
}
```

{% endtab %}

{% tab title="500: Internal Server Error Internal server error" %}

```javascript
{
  "success": false,
  "message": "string",
  "status": 500,
  "meta": "string",
  "fields": {
    "params.to": {
      "message": "invalid integer number",
      "value": "qwerty123456789"
    }
  }
}
```

{% endtab %}
{% endtabs %}


