Home

Authentication

Control API

The Control API allows clients to manage and query a cluster. Only routes prefixed with versions (e.g. '/v1') are exposed to the public internet. All endpoints require authentication.

JWT Authentication

All requests must include Header Authorization with value Bearer <token>.

The token is JSON Web Token (JWT) signed using 512 bit or 64 char shared secret (HMAC512 algo). MetaRouter provides this secret after cluster creation.

Required claims:

  1. 'wky' (string) for the write key.
  2. 'exp' (integer) for expiration.

The claim exp must be a unix timestamp in seconds. See: https://datatracker.ietf.org/doc/html/rfc7519#section-4.1.4

See https://jwt.io for more info.

Example:

Claims:

{
  "wky": "test",
  "exp": 1516239022
}

Example Header with above claims.

Authorization: Bearer eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJ3a3kiOiJ0ZXN0IiwiZXhwIjoxNTE2MjM5MDIyfQ.wv0sjOxzRdn8rdNJa-hWDqXc1VjovEORN6kHxMhRlftaqD9cghV9guVZH2_C7eizf8iAyAh7Oc8-EyqqgePX0w