Authorization

In the new API all admin routes are protected by JWT authentication. If you would like to test these endpoints in our Swagger UI docs, you need to retrieve a JWT token first. You could do that by using an endpoint with default credentials for API administrators:

../../_images/api_platform_authentication_endpoint.png

In the response, you will get a token that has to be passed in each request header. In the Swagger UI, you can set the authentication token for each request.

../../_images/api_platform_authentication_response.png

Notice the Authorize button and unlocked padlock near the available URLs:

../../_images/api_platform_not_authorized.png

Click the Authorize button and put the authentication token (remember about the Bearer prefix):

../../_images/api_platform_authorization.png

After clicking Authorize, you should see locked padlock near URLs and the proper header should be added to each API call:

../../_images/api_platform_authorized.png