Authentication

Tip

Looking for our API Reference? Or want to query the API directly from Python.

GeoDataHub uses the secure Oauth 2.0 protocol to authenticate users. All users are provided a time limited access token that uniquely identifies them on the platform.

Once authenticated users receive three tokens,

• Access Token: Used to inform the backend about the users' access level
• Refresh Token: Used to obtain a new ID and access tokens
• Identity Token: Used to identify the user

Important

The access and identity tokens expires after 1 hour. Refresh tokens expire after 27 days.

Each API call must contain a valid identity token that informs the backend of who is requesting access. Tokens, therefore, standing for users against the API. If a token is lost or compromised logout from the platform and obtain fresh tokens. It is important to store tokens securely and not transfer tokens across insecure channels.

Login via Python

The fastest way for developers to obtain a valid token is using the command line tool,

gdh login --print-all-tokens

If you are already logged in use the --use-refresh-token option to obtain new tokens.

The login command automatically stores the token in the users home folder. On Linux/Mac /home/<USERNAME>/.gdh/authentication or on Windows c:\Users\<CurrentUserName>\.gdh\authentication. The authentication file is JSON encoded and contains a single key.

Using the web-based login

Users can login or register via the browser using geodatahub.dk/login using the default Authorization Code flow. After logging in the user is given a one-time code they may exchange for a valid access token. Submit the code to obtain the tokens,

HTTP

POST https://auth-dev.geodatahub.dk/oauth/token

HEADERS
  "Content-type": "application/x-www-form-urlencoded"

BODY
  grant_type: 'authorization_code'
  client_id: '7aetu7cj45ah6m494hutdldbd1'
  code: <THE ONE-TIME CODE>
  redirection_uri: 'https://www.geodatahub.dk/validate-code.html'

Python

import requests

payload = {
    'grant_type':'authorization_code',
    'client_id':'7aetu7cj45ah6m494hutdldbd1',
    'code':code,
    'redirect_uri': 'https://www.geodatahub.dk/validate-code.html'
}
headers = {'Content-type': 'application/x-www-form-urlencoded'}

auth_url = "https://auth-dev.geodatahub.dk/oauth/token"
resp = requests.post(auth_url, data=payload, headers=headers)
print(resp.json())

A successful authorization returns the response,

HTTP/1.1 200 OK
Content-Type: application/json

{ 
 "access_token":"eyJz9sdfsdfsdfsd", 
 "refresh_token":"dn43ud8uj32nk2je", 
 "id_token":"dmcxd329ujdmkemkd349r",
 "token_type":"Bearer", 
 "expires_in":3600
}

Sending authorized requests

Authenticate against the API by including the access token in the Authorization header parameter.

HTTP

GET https://api-dev.geodatahub.dk/datasets

HEADERS
  "Authorization": "NgCXRK...MzYjw"

Command line

curl -X GET -H 'Authorization: eyJ...r9A' https://api-dev.geodatahub.dk/datasets

Python

import requests

url = "https://api-dev.geodatahub.dk/datasets"
headers = {"Authorization": "Basic ZjM4Zj...Y0MzE="}

resp = requests.get(url, headers=headers)
print(resp.json())

If successful the command will return a JSON encoded list of all public datasets.

Learn more about the Web API in the basic operations guide.

Reference

• API Reference