Authentication in DADI API

DADI API uses the client credentials flow of OAuth 2.0 to allow clients to access protected resources by obtaining an access token. First we'll setup an instance of API, then we'll go through creating some credentials, and using them to obtain a Bearer token, before we query a protected resource with our new token.

API 2.X requires a MongoDB instance to work. If you don't have one of those setup already, you can easily start one with Docker to test with:

$ docker run -d -p 27017:27017 mongo:3.2

Let's create a new API app using the DADI CLI (npm install @dadi/cli -g):

$ dadi api new simple-api
✔ Checking the available versions of DADI API
✔ Downloading boilerplate (100%)
✔ Installing DADI API (2.2.x)
 
All done! Run the following command to launch your new instance of DADI API:
 
cd simple-api && npm start

Cool, now let's create some credentials:

$ cd simple-api
$ dadi api clients:add
? What is the client ID? testUser
? What is the secret? testPassword
? What type of access does the user require? user
✔ Created client with ID testUser and type user

So now we have API setup, and a new user created, but where is this information stored? If you have a look in the file, you'll find the block:

Authentication in DADI API

Don't miss these

Using Routes to Deliver Targeted Content

Installing and Configuring DADI CDN

Introducing the DADI Testnet