User Tools


Back to Users / JESS / JEA / JBODY API

User Log-on operation


User authentication and authorization is performed by JEA using the JSON Web Tokens (JWT) mechanism. If the client does not yet hold a valid JWT, the Log-on operation must be called to retrieve one. Without a valid JWT, all other transactions will be rejected with HTTP 401 Unauthorized error code.

The user's credential to be sent to the ENSIMS Web Service include the registered email address and the password.

Synopsis

User credential object

{
    "email": "yi@jeplus.org",
    "password": "********"
}

Authorization return object

A successful authorization return object contains the status flag, message, user's name, email address, and a new JWT, as shown in the example below.

{
    "ok": true,
    "status": "Logged in successfully!",
    "jwt": "Session token in cookie",
    "user": "Yi",
    "role": null,
    "email": "yi@jeplus.org"
}

Authorization Failed object

{
    "ok": false,
    "status": "No matching username and password pair was found!"
}

Example using curl://

Send the check-in command using cURL on Linux:

curl -c cookies -H 'Content-Type: application/json' -X POST -d '{"email": "yi@jeplus.org", "password": "********"}' https://api.ensims.com/users/api/auth

If logged on successfully, an Auth return object with 'OK' status will be received with a new JWT session token. The session token with any other cookies will be saved in the file named cookies as specified by the -c option. If the user's email address and the password do not match any record on the server, and Auth Failed object will be returned.

On Windows, you need to adjust/escape the relevant quote marks.

Example using Python Requests

Make sure Requests is correctly installed in your Python environment, and run the following lines:

import requests

headers = {'Content-Type': 'application/json'}
body = {"email": "yi@jeplus.org", "password": "********"}

# Make a post request with headers and the data body
r = requests.post('https://api.ensims.com/users/api/auth', headers=headers, json=body)

# Store the received session token and any other cookies
cookies = r.cookies

# Show returned information
r.json()

A successful operation will return the JSON content such as the following:

{'email': 'yi@jeplus.org',
 'jwt': 'Session token in cookie',
 'ok': True,
 'status': 'Logged in successfully!',
 'user': 'Yi'}

You can then access each field, e.g. the new JWT, using r.json()['jwt'].


Site Tools