-
Authenticating APIv2 calls with JWT
You can use Higher Logic Vanilla's JWT addon to authenticate against the API v2, in addition to the normal web SSO flow. What is a JWT? JWT stands for JSON Web Token. JSON Web Tokens are an open, industry-standard RFC 7519 method for representing claims securely between two parties. In order to use this authentication, you…
-
Authenticating APIv2 calls with Role-Based Tokens
In Higher Logic Vanilla (Vanilla), role tokens are an authorization mechanism only valid on specific endpoints of Vanilla's API. The currently supported endpoints include: GET /api/v2/users/:userID GET /api/v2/subcommunities GET /api/v2/products What is a role token? A role token is a signed JSON Web Token (JWT) with…
-
Authenticating APIv2 calls with Personal Access Tokens
The APIv2 supports two means of authentication, and both require an access token. HTTP header To authenticate with the HTTP header, pass the access token in the Authorization field with the bearer scheme. Authorization: Bearer <your_jwt_token> ✔️ TIP: This is the preferred way of authenticating against the API because…
-
Authenticating APIv2 Calls as another User (Spoofing)
When doing server-to-server API integrations, you may want to make API calls on behalf of another user. In Higher Logic Vanilla (Vanilla), you can achieve this by spoofing another user. In this article, you'll learn how. What API calls can you spoof? You can spoof any APIv2 call you want, as long as the user you're…