Authentication and authorization
The user can be authenticated and granted certain permissions in FastReport Corporate Server using one of two available options:
Via JWT token.
In this case, authentication must be done personally, and the token will only be valid for 5 minutes, during which the user must log in to the application. When connecting to the server, the browser will redirect to the authentication server, and then an access token will be generated. For security reasons, we have set up limitations so that a JWT token can be obtained only by the user personally.
If within 5 minutes the user has not entered the application, then authentication must be repeated. If the user entered the application, re-authentication is not required.
Via API key.
In this case, access is obtained for server applications. To obtain an access key (API key), the presence of the user is required. However, the key itself can be valid for a long time, for example, a year.
Getting the first API key
To get the first API key, use the user panel. If for some reason there is no access to the user panel, you can request a key as described below.
Open the link in a browser: https://fastreport.cloud/account/signin?r=https://fastreport.cloud/api/manage/v1/ApiKeys.
Upon clicking on this link you will be redirected to the automatic browser authentication process.
Now that the authentication is complete, request a new key.
Press
F12orCtrl+Shift+Ito open the developer panel. The keyboard shortcut may be non-standard. In this case, open the developer panel through the browser menu.Copy and execute the code in the JavaScript console.
This code will make a
POSTrequest to the URLhttps://fastreport.cloud/api/manage/v1/ApiKeysto generate a new access key until 2030.await fetch('https://fastreport.cloud/api/manage/v1/ApiKeys', { method: 'POST', headers: { 'Content-Type': 'application/json;charset=utf-8' }, body: JSON. stringify({ "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" }) });Refresh your browser page and get the result.
{ "apiKeys": [ { "value": "cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey", "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" } ], "count": 1 }
Now you can use the API key; in case above it is cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey.
There is no need to repeatedly receive a new API key through the browser.
How to use API key
The key should be sent with each request in the header Authorization: Basic. Use apikey as a username and the key value as a password. For example:
Authorization: Basic Base64Encode(apikey:cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey);
Where Base64Encode is the base64 string encoding function.
FastReport.Cloud.SDK has a special class that allows you to add a key to the request header
To add the desired header, create a new HttpClient.
HttpClient httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Authorization = new FastReportCloudApiKeyHeader(apiKey);
Now this HttpClient can be used for all requests.
Getting a new API key
To get a new key, call the <xref:FastReport.Cloud.Management.ApiKeysClient.CreateApiKeyAsync(FastReport.Cloud.CreateApiKeyVM)> method.
CreateApiKeyVM model = new CreateApiKeyVM()
{
Description = "Created by FastReport.Cloud.SDK",
Expired = DateTime.Now.AddYears(1)
};
IApiKeysClient apiKeysClient = new ApiKeysClient(httpClient);
await apiKeysClient.CreateApiKeyAsync(model);
Whenever possible, use asynchronous methods rather than synchronous ones.
As a result of executing this function, the model <xref:FastReport.Cloud.ApiKeyVM> will be received.