Thingsboard - rest API obtains and refreshes tokens

ThingsBoard Of REST API The document uses Swagger, Most interfaces can be viewed and tested through this address （ The interface with a lock icon in the back indicates that authentication is required ）

http://{
   {YOUR_HOST}}:{
   {PORT}}/swagger-ui.html

One 、 Log in to get token

Login interface in login-endpoint In the group

POST /api/auth/login

request

The account number and password are placed in requestBody Request body

{
    
  "username": "[email protected]",
  "password": "tenant"
}

Respond to

return token and refreshToken

{
    
  "token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZW5hbnRAdGhpbmdzYm9hcmQub3JnIi...",
  "refreshToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZW5hbnRAdGhpbmdzYm9hcmQub3JnIi..."
}

Interface requiring authentication , stay Header Zhongba token close （ Be careful ：Bearer There is a space after ）：

X-Authorization: Bearer $JWT_TOKEN_VALUE

Two token, All are JWT encryption , Can be decrypted through online tools . Decrypt it ,token Is valid for 2.5h,refreshToken yes 7day.JWT The explanation and decryption tools are shown at the end

Two 、 Refresh token

Refresh token Don't pass Swagger Generated in document

POST /api/auth/token

request

hold refreshToken Put it in the request body （Header No need to carry token）：

{
    
  "refreshToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZW5hbnRAdGhpbmdzYm9hcmQub3JnIi..."
}

Respond to

Will return a new token And the new refreshToken

{
    
  "token": "abchbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZW5hbnRAdGhpbmdzYm9hcmQub3JnIi...",
  "refreshToken": "efghbGciOiJIUzUxMiJ9.eyJzdWIiOiJ0ZW5hbnRAdGhpbmdzYm9hcmQub3JnIi..."
}

3、 ... and 、 Reference resources

• ThingsBoard REST API
• how to use refresh token to renew session #840
• Ruan Yifeng ——JSON Web Token Introductory tutorial
• JWT Decrypt online