> ## Documentation Index
> Fetch the complete documentation index at: https://docs.bespot.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Authentication

> How to authenticate with the Datamine API

Bespot API supports both Basic Authentication and JWT Authentication over HTTPS. While both authentication methods are supported, API consumers are **strongly** advised to use JWT method to authenticate. To consume any resource the `Authorization` HTTP header is **required**.

## Basic Authentication

To consume an endpoint using Basic Authentication, the `Authorization` HTTP header should be filled with prefixed with the following string: `Basic ` and the available credentials encoded in *Base64* format.

`Authorization: Basic BASE64_ENCODED_CREDENTIALS`

## JWT Authentication

Before consuming any endpoint, each client needs to be authenticated with the API providing the authentication credentials. If the authentication is successful, a JWT `access` token is provided. This token can, then, be used in each subsequent API request so for the client to be authorised to access each the resource.

### GET JWT ACCESS TOKEN

See below the details of the authentication request to acquire the JWT *access* token.

### Resource \[POST]

`[/auth/jwt/token/]`

### Request

```
{
  "username": "test-username",
  "password": "test-password",
}
```

### Response

```
{
    "access": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiZ2VydGdlIiwiSXNzdWVyIjoiZHNmIiwiVXNlcm5hbWUiOiJkZnNmZHMiLCJleHAiOjE3MDgwNzgwNTIsImlhdCI6MTcwODA3ODA1Mn0.QzC_fwqMsWUJS9VBiqLt_PJnQaCLnOI3B-xOEdK6Ops",
    "refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTcwODA3ODA1MiwiaWF0IjoxNzA4MDc4MDUyfQ.qozYevTJz7iZ6968OxGXSE4Ll3ePS027zQqFWZZUTnk"
}
```

### Example cURL

```
curl --location 'https://datamine.bespot.io/api/auth/jwt/token/' \
--header 'Content-Type: application/json' \
--data '{ "username": "test-username", "password": "test-password" } '
```

### ACCESSING API RESOURCES

If the client is authenticated successfully, a JWT *access* token and a *refresh* token are returned. To consume an endpoint using JWT Authentication, the `Authorization` HTTP header should be filled with the acquired JWT *access* token prefixed with the following string: `Bearer `.

`Authorization: Bearer JWT_ACCESS_TOKEN`

### REFRESH JWT ACCESS TOKEN

JWT *access* tokens are expiring for security purposes. In such case, the JWT *access* token gets invalided and a new one should be acquired. To get a new JWT *access* token, client can use the provided *refresh* token from the `/auth/jwt/token/` response. See below the details of the authentication request.

### Resource \[POST]

`[/auth/jwt/token/refresh/]`

### Request

```
{
    "refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTcwODA3ODA1MiwiaWF0IjoxNzA4MDc4MDUyfQ.qozYevTJz7iZ6968OxGXSE4Ll3ePS027zQqFWZZUTnk"
}
```

### Response

```
{
    "access": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiZ2VydGdlZmRzZGZzIiwiSXNzdWVyIjoiSXNzdWVyIiwiVXNlcm5hbWUiOiJkZnNkZmZkZnNmZHMiLCJleHAiOjE3MDgwNzkwNjUsImlhdCI6MTcwODA3OTA2NX0.SmcSysBMGLpUzgoBhyw7XjfLw4RYYuk7K5cAPcjdcxs",
    "refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiZ2VydGdlZmRzZGZzIiwiSXNzdWVyIjoiZHNmcmVncmdlciIsIlVzZXJuYW1lIjoiZGZzZGZmZGZzZmRzIiwiZXhwIjoxNzA4MDc5MDY1LCJpYXQiOjE3MDgwNzkwNjV9.IR93o7o3OfU5mSYts4i025D4rDMLPhkVe4UMhuZMzek"
}
```

### Example cURL

```
curl --location 'https://datamine.bespot.io/api/auth/jwt/token/refresh/' \
--header 'Content-Type: application/json' \
--data '{
    "refresh": "eyJhbGciOiJIUzI1NiJ9.eyJSb2xlIjoiQWRtaW4iLCJJc3N1ZXIiOiJJc3N1ZXIiLCJVc2VybmFtZSI6IkphdmFJblVzZSIsImV4cCI6MTcwODA3ODA1MiwiaWF0IjoxNzA4MDc4MDUyfQ.qozYevTJz7iZ6968OxGXSE4Ll3ePS027zQqFWZZUTnk"
}'
```
