API Usage
2. Authentication
3. Roles and Permissions

Assigning Tenant Roles and Creating API Keys

In our system, managing user permissions is a vital aspect of ensuring secure access to resources. This section explains how to assign Tenant Roles to users and create API keys for authentication.

Assigning Tenant Roles

Tenant Roles are used to determine user permissions within the system. To assign a Tenant Role to a user, follow these steps:

Step 1: Making the API Call

Use the following curl command to assign a Tenant Role to a user:

curl -X 'PATCH' \
  'http://localhost:8080/api/v1/tenant/roles/<tenant-id>/assign/<role-name>/<email-address>' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <admin_bearer_token>'
  • Method: PATCH
  • Endpoint: /api/v1/tenant/roles/<tenant-id>/assign/<role-name>/<email-address>
  • Headers:
  • accept: application/json
  • Authorization: Bearer <admin_bearer_token> (Authorization token for an admin user)

Replace <admin_bearer_token> with the appropriate admin user's Bearer Token.

Step 2: Role Assignment

In the URL, replace the placeholders with the actual values:

  • <tenant-id>: The Tenant ID for which you are assigning the role.
  • <role-name>: The name of the Tenant Role you want to assign.
  • <email-address>: The user's email address to whom you are assigning the role.

After executing this command, the specified user will be granted the permissions associated with the assigned Tenant Role.

Creating API Keys

API keys provide a secure way to authenticate users and applications when accessing protected resources. To create an API key, use the following steps:

Step 1: Making the API Call

Use the following curl command to create an API key:

curl -X 'POST' \
  'http://localhost:8080/api/v1/api-key' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
    "daysTillExpiration": 10,
    "permissions": {
      "materialsPermissions": [
        "READ_MATERIALS"
      ]
    }
  }'
  • Method: POST
  • Endpoint: /api/v1/api-key
  • Headers:
  • accept: application/json
  • Content-Type: application/json

In the request body, specify the expiration duration (daysTillExpiration) and the permissions associated with the API key. In this example, the API key has permissions to read materials.

Step 2: API Key Creation

After executing this command, the system will generate an API key with the specified permissions and an expiration date.

Using the API Key

Once you have an API key, you can use it to authenticate API requests by including it in the X-API-Key header:

curl -X 'GET' \
  'http://localhost:8080/api/v1/materials/page?pageNumber=0&pageSize=10' \
  -H 'accept: application/json' \
  -H 'X-API-Key: asrralpha_3d410949ac334d5199634f0a7881b1ed67804984'

Replace asrralpha_3d410949ac334d5199634f0a7881b1ed67804984 with your generated API key.

By including the API key in the header of your requests, you can access protected resources while adhering to the specified permissions associated with the key.

If you encounter any issues or have further questions, please don't hesitate to contact our support team for assistance.

2. API Keys (Server-to-Server)