Authentication

All API requests require a session Cookie, which you get when you login to the app.

For mutative requests (DELETE, POST, PUT, PATCH), you need add a csrftoken to the cookie header and the same value need to be sent as a header X-CSRFToken.

Get a session cookie

To get a session cookie, you need to login, then get the cookie in sessionid.

### Request
POST /api/auth/login HTTP/1.1
Content-Type: application/json

{
  "username": "<your-username>",
  "password": "<your-password>"
}

### Response
HTTP/1.1 201 Created
Content-Type: application/json

Set-Cookie: sessionid=tvmt1xp0c2ep33htukqm140fb4igkz4u; Domain=.127-0-0-1.sslip.io; expires=Wed, 24 Jul 2024 16:49:05 GMT; HttpOnly; Max-Age=1209600; Path=/; SameSite=Lax

{
  "id": 2,
  "name": "New Resource Name",
  "description": "New Resource Description"
}

Perform an authorized Request

### Request
GET /api/auth/me HTTP/1.1
Cookie: sessionid=tvmt1xp0c2ep33htukqm140fb4igkz4u;

### Response
HTTP/1.1 201 Created
Content-Type: application/json

{
  "user": {
    "username": "fredkiss3",
    "first_name": "",
    "last_name": ""
  }
}

Perform a mutative request

To perform a mutative request i.e POST, PUT, PATCH, DELETE requests, you need to follow 2 steps :

1. Obtain a csrf token :

### Request
GET /api/csrf HTTP/1.1

### Response
HTTP/1.1 200 OK

Set-Cookie: csrftoken=zydcEbNXQGJFxzLphKEO8Mg88VdEwi8c; expires=Wed, 09 Jul 2025 17:03:09 GMT; Max-Age=31449600; Path=/; SameSite=Lax

2. Then add the csrftoken both in the cookie and in X-Csrftoken header :

### Request
POST /api/projects HTTP/1.1
Content-Type: application/json
Cookie: sessionid=tvmt1xp0c2ep33htukqm140fb4igkz4u; csrftoken=zydcEbNXQGJFxzLphKEO8Mg88VdEwi8c;
X-Csrftoken: zydcEbNXQGJFxzLphKEO8Mg88VdEwi8c

{
  "slug": "sandbox"
}

### Response
HTTP/1.1 201 Created
Content-Type: application/json

{
  "description": null,
  "id": "prj_GxCy6Tg35ax",
  "slug": "sandbox-2",
  "created_at": "2024-07-10T17:05:56.276194Z",
  "updated_at": "2024-07-10T17:05:56.276180Z"
}