Authentication
Most of the LakeSail API operations require authenticated requests. This page describes how authentication works in the LakeSail API.
Authentication Methods
User Authentication
Human users are authenticated via the access token. The access token is issued by the server when the user signs in. The access token is either a JSON Web Token (JWT) or an opaque bearer token. The type of the token can be configured in the server configuration.
The access token is securely stored in the browser's local storage and sent to the server in the Authorization header with the Bearer scheme.
Authorization: Bearer <token>
The user authentication mechanism is intended for the LakeSail web console to interact with the LakeSail API. The access token is short-lived and will be refreshed automatically by the web console in the background.
An experienced user can also use the token to interact with the API directly for testing purposes, after obtaining the token from the browser's developer tools. However, the token expires after a certain period of time, so it is not suitable for production use cases.
Service Account Authentication
Service accounts are authenticated using service account keys. You can create service account keys using the CreateServiceAccountKey operation.
To authenticate a service account, include the service account key in the Authorization header with the Bearer scheme:
Authorization: Bearer <key>
Please note that service account keys should be securely stored and not exposed in client-side code.
Getting the Current Identity
You can use the DescribeCurrentIdentity operation to get the current identity.
GET /api/org/v1/me
You will find information about either the user or the service account in the response body, depending on the type of credential specified in the Authorization header of the HTTP request.
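The following is an added example, not LakeSail's own code. It builds the DescribeCurrentIdentity request with a credential read from the environment rather than embedded in code, refuses to send it over plaintext HTTP, and reports when a JWT-type access token expires. The environment variable names, the helper names, and the presence of the standard `exp` claim in LakeSail JWTs are assumptions.

```python
import base64
import json
import os
import urllib.request
from urllib.parse import urlsplit

def jwt_expiry(token):
    """Return the `exp` claim (Unix seconds) of a JWT, or None for an opaque token.
    Decodes only; the signature is NOT verified, so this is for diagnostics only."""
    parts = token.split(".")
    if len(parts) != 3:
        return None  # opaque bearer token or service account key
    try:
        padded = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
        claims = json.loads(base64.urlsafe_b64decode(padded))
    except ValueError:  # covers bad base64, bad UTF-8 and bad JSON
        return None
    exp = claims.get("exp") if isinstance(claims, dict) else None
    return exp if isinstance(exp, (int, float)) else None

def identity_request(base_url, credential):
    """Build the GET /api/org/v1/me request for a user token or service account key."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send a bearer credential over a non-HTTPS URL")
    if not credential or any(ch.isspace() for ch in credential):
        raise ValueError("credential is empty or contains whitespace")
    return urllib.request.Request(
        base_url.rstrip("/") + "/api/org/v1/me",
        headers={"Authorization": "Bearer " + credential},
        method="GET",
    )

def constructed_jwt(exp):
    """Constructed, unsigned sample token for offline use; not a real LakeSail token."""
    def seg(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([seg({"alg": "none"}), seg({"sub": "demo", "exp": exp}), "sig"])

if __name__ == "__main__":
    # LAKESAIL_API_URL and LAKESAIL_CREDENTIAL are hypothetical variable names.
    url, cred = os.environ.get("LAKESAIL_API_URL"), os.environ.get("LAKESAIL_CREDENTIAL")
    if url and cred:
        print("JWT exp:", jwt_expiry(cred))
        with urllib.request.urlopen(identity_request(url, cred), timeout=10) as resp:
            print(resp.read().decode())
    else:
        print("sample exp:", jwt_expiry(constructed_jwt(1700000000)))
```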