Authentication

How the heck do I get a token?

Token - what is it good for?

Just about everything. At least if you're trying to access our API. We know you're a good and honest person, but that guy over there looks kind of shady. Maybe we shouldn't let him in.

We use JSON Web Tokens to make sure you are really you. The token is a small JSON dictionary with some information about you and what you have access to all wrapped up and signed by Auth0, our Identity provider. We validate the JWT's authenticity on every API call to make sure its really you accessing all of your stuff in Tuono.

How to get a token?

You get a token by logging in. When you use the GUI, this is done when you provide your username and password - you just never see the token. It's managed for you by your web browser. When you use the API, you (or at least your software engineer) need to manage the token. But the general flow is the same for both the GUI and the API. Login with your username/password, get a token in return, then present that token on all future calls to the API.

Login method

Make a POST call to https://portal.tuono.io/api/v1/auth/login, with "username" and "password" set in a JSON dictionary in the body.

Login

POST https://portal.tuono.io/api/v1/auth/login

Login and get a token.

Request Body

Name	Type	Description
password	string	The password for the username specified.
username	string	The username to login as. Usually an email address.

200

{"object": {"token": "A really long string that is your JWT"}}

Example code

Python

import json
import requests

username = "Your username"
password = "Your password - but please don't store it in code"
url = "https://portal.tuono.io/api/v1/auth/login"
headers = {"Content-Type": "application/json"}
data = {"username": username, "password": password} 
response = requests.post(url, headers=headers, data=json.dumps(data))

token = response.json()["object"]["token"]

Bash