Authentication and authorization
The user can be authenticated and granted certain permissions in FastReport Corporate Server using one of two available options:
Via JWT token.
In this case, authentication must be done personally, and the token will only be valid for 5 minutes, during which the user must log in to the application. When connecting to the server, the browser will redirect to the authentication server, and then an access token will be generated. For security reasons, we have set up limitations so that a JWT token can be obtained only by the user personally.
If within 5 minutes the user has not entered the application, then authentication must be repeated. If the user is logged into the application, re-authentication is not required.
Via API key.
In this case, access is obtained for server applications. To obtain an access key (API key), the presence of the user is required. However, the key itself can be valid for a long time, for example, a year.
Getting the first API key
To get the first API key, use the user panel. If for some reason there is no access to the user panel, you can request a key as described below.
Open the link in a browser: https://fastreport.cloud/account/signin?r=https://fastreport.cloud/api/manage/v1/ApiKeys.
Upon clicking on this link you will be redirected to the automatic browser authentication process.
Now that the authentication is complete, request a new key.
Press
F12orCtrl+Shift+Ito open the developer panel. The keyboard shortcut may be non-standard. In this case, open the developer panel through the browser menu.Copy and execute the code in the JavaScript console.
This code will make a
POSTrequest to the URLhttps://fastreport.cloud/api/manage/v1/ApiKeysto generate a new access key until 2030.await fetch('https://fastreport.cloud/api/manage/v1/ApiKeys', { method: 'POST', headers: { 'Content-Type': 'application/json;charset=utf-8' }, body: JSON. stringify({ "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" }) });Refresh the browser page and take the result.
{ "apiKeys": [ { "value": "cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey", "description": "Generated by js develop panel", "expired": "2030-01-01T07:41:23.399Z" } ], "count": 1 }
Now you can use the API key; in case above it is cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey.
There is no need to repeatedly receive a new API key through the browser.
How to use API key
The key should be sent with each request in the header Authorization: Basic. Use apikey as the username and the key value as the password. For example.
Authorization: Basic Base64Encode(apikey:cc355oeu1z5d5wncayo33me6c1g5junqdqk4pkupid7t8ynjshey);
Where Base64Encode is the function to convert the string to base64 when using UTF8 encoding.
Getting a new API key
To get a new key, make a POST request to the entry point https://fastreport.cloud/api/manage/v1/ApiKeys and send JSON in the request body by scheme below.
{
"description": "string",
"expired": "string($date-time)"
}
A sample request.
curl -X POST "https://fastreport.cloud/api/manage/v1/ApiKeys" -H "accept: text/plain" -H "authorization: Basic YXBpa2V5OmNjMzU1b2V1MXo1ZDV3bmNheW8zM21lNmMxZzVqdW5xZHFrNHBrdXBpZDd0OHluanNoZXk=" -H "Content-Type: application/json-patch+json" -d "{ \"description\": \"Generated by js develop panel\", \"expired\": \"2030-01-01T07:41:23.399Z\"}"
A response scheme.
{
"value": "string",
"description": "string",
"expired": "2020-12-02T08:47:43.270Z"
}