Introduction
In Firebolt, every API request is secured using an access token. Understanding how to retrieve and manage these tokens is crucial for maintaining secure and uninterrupted access to the API. By the end of this article, you will know how to generate, validate, and manage access tokens for Firebolt API requests.
TL;DR
-
Generate an authentication token using a
POST
request. -
Validate the token’s expiration time using
JWT
claims. -
Handle token expiration by generating a new token when needed.
Step-by-Step Guide
Step 1: Generate and Cache the Access Token
To start, you need to generate an access token by making a POST
request to the Firebolt token endpoint. This request will include your client credentials. Once received, this token should be cached for future use to minimize repeated requests for tokens.
Example API request:
curl --location --request POST 'https://id.app.firebolt.io/oauth/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'client_id=<id>' \
--data-urlencode 'client_secret=<secret>' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'audience=https://api.firebolt.io'
-
Replace
<id>
with the service account ID -
Replace
<secret>
with the service account secret
Step 2: Validate the Token Expiration
The generated token includes an expiration field, called exp
, that indicates its validity period. You can use online tools like jwt.io to decode the token and check its expiration time. This step is optional but recommended to ensure your token is still valid before making API requests.
Step 3: Handle Token Expiration Errors
When an API request fails due to token expiration, you need to generate a new authentication token. Catch the expiration error, request a new token using the steps in Step 1, and retry the API request with the new token.
Example error response for expired token:
{
"kind": "unauthenticated",
"status": 401,
"title": "Authentication required"
}
Step 4: Retry the API Call with a New Token
Once a new token is generated, cache it again and retry the original API request using the new token.
Example API request:
curl --location 'https://<user engine URL>&database=<database name>' \
--header 'Authorization: Bearer <new_access_token>' \
--data '<SQL_query>'