Authenticating calls using JWT

The Metrici REST interface supports the authentication of users through a JWT. The JWT is passed in the Authorization header as a bearer token.

The following are required:

  • The JWT must contain a "kid" claim that provides the reference to a node version that contains a public key in the system.NODE_DATA field.
  • The JWT must be verifiable by the key.
  • The JWT must contain a "sub" field that contains the user's logon reference.
  • The JWT must contain in the "scope" claim the scope "access".
  • The owner of the key must have authority to set the user's password.

If these conditions are met, credentials that identify the user are passed to the node execution. If not, a suitable HTTP status code is returned.

JWTs generated using Metrici's JWT support can follow these standards.

The Metrici REST interface can also be secured with user logon reference and password, or session tokens, as described in the web service credentials section of Web service interface.