Authentication and Authorization

Create API keys

In order to interact with your data, you need to authenticate using API keys and create a policy for specific API. Head over to the Access Control tab and click API Keys to create API Keys. Copy the API key and the secret and store them somewhere safe. You will need to provide them while authenticating.

Create Policies

As a developer, you want to be able to specify the permissions of specific actions of applications on resources so that you can have full control over access to your application’s data. For this goal, policies are introduced. In order to create/update policy, you will need to specify the description, select at least one resource, select at least one subject (which is the API key) and pick the actions that this policy allows. After saving, this policy will automatically be applied to your project. By default, all resources are denied. By policy you will open access to some resources.

List policies

Head over to the Access Control tab and click Policies to view the list of already created policies. All policy related actions can be performed on this page.

Create policy

Click the button "Create policy". The creation dialog will appear. Fill in all necessary data and hit "Save policy". A new policy is created and ready to use.

Update policy

Click the "pencil" button/icon on the policy row of your choice. The dialog for policy updates will appear. Change all necessary data and hit "Save policy". The policy is updated.

Click the "trash" button/icon on the policy row of your choice. The "Delete Confirmation" dialog will appear. Read the message carefully and choose the action that suits your needs.

Authenticate through the Javascript SDK

In order to communicate with your data in your Javascript application, you can use the Javascript SDK. You can use the SDK both serverside and browser side. In order to use your data serverside, you need to have Nodejs installed. Authentication and authorization are handled automatically by the SDK, you only need to provide your credentials once at SDK initialization. Steps described above must be done (create API and Policy) 

You can install the SDK through NPM:

npm install jexia-sdk-js node-fetch ws --save

The jexiaClient() function will return an instance of the Client class. On Node.JS, you will need to provide a fetch standard-compliant function as a parameter. You will need to add a compatible dependency to your project. For the development of the SDK we've used node-fetch. Module ws is needed if you want to work with Real Time Communication Jexia module

const sdk = require('jexia-sdk-js/node');
const fetch = require("node-fetch");
  
let initializedClientPromise = sdk.jexiaClient(fetch).init({
  projectID: "your Jexia ProjectID", 
  key: "<your-apikey>", 
  secret: "<your-secret>"
});
initializedClientPromise.then( initializedClient => {
  // you have been succesfully logged in!
  // you can start using the initializedClient variable here
}).catch( error => {
  // uh-oh, there was a problem logging in, check the error.message for more info
});

Authenticate through REST API

You can also authenticate though the REST API:

Make a POST request 

POST https://<project-id>.app.jexia.com/auth/

Send the API key and secret along with the request in the body:

{
    "method": "apk",
    "key": "<apikey>",
    "secret": "<secret>"
}

In a similar way a (registered) user can authenticate:

{
    "method": "ums",
    "email": "<registered email>",
    "password": "<password>"
}

or via JS SDK ... 

import { jexiaClient, UMSModule } from "jexia-sdk-js";

const ums = new UMSModule(); 
jexiaClient().init({  
  projectID: "your-project-id"
}, ums);

const user = await ums.signIn({  
  email: 'Elon@tesla.com',  
  password: 'secret-password',  
  default: false, 
  alias: 'Elon Musk'
);

The response will look like this:

{
    "access_token": "<access-token>",
    "refresh_token": "<refresh-token>"
}

Now send your (access) token along in the Authorization header with each request you make

"Authorization": "Bearer <access-token>"

Full details on this API can be found in its documentation.