How to Work with Authentication Token in Firebolt

Help Center
1

Introduction

In Firebolt, every API request is secured using an access token. Understanding how to retrieve and manage these tokens is crucial for maintaining secure and uninterrupted access to the API. By the end of this article, you will know how to generate, validate, and manage access tokens for Firebolt API requests.

TL;DR

  • Generate an authentication token using a POST request.

  • Validate the token’s expiration time using JWT claims.

  • Handle token expiration by generating a new token when needed.

Step-by-Step Guide

Step 1: Generate and Cache the Access Token

To start, you need to generate an access token by making a POST request to the Firebolt token endpoint. This request will include your client credentials. Once received, this token should be cached for future use to minimize repeated requests for tokens.

Example API request:

curl --location --request POST 'https://id.app.firebolt.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<id>' \
--data-urlencode 'client_secret=<secret>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.firebolt.io'

Step 2: Validate the Token Expiration

The generated token includes an expiration field, called exp, that indicates its validity period. You can use online tools like jwt.io to decode the token and check its expiration time. This step is optional but recommended to ensure your token is still valid before making API requests.

Step 3: Handle Token Expiration Errors

When an API request fails due to token expiration, you need to generate a new authentication token. Catch the expiration error, request a new token using the steps in Step 1, and retry the API request with the new token.

Example error response for expired token:

{
  "kind": "unauthenticated",
  "status": 401,
  "title": "Authentication required"
}

Step 4: Retry the API Call with a New Token

Once a new token is generated, cache it again and retry the original API request using the new token.

Example API request:

curl --location 'https://<user engine URL>&database=<database name>' \
--header 'Authorization: Bearer <new_access_token>' \
--data '<SQL_query>'