# Authentication

eKuiper support JWT RSA256 authentication for the RESTful management APIs since 1.4.0 if enabled . Users need put their Public Key in etc/mgmt folder and use the corresponding Private key to sign the JWT Tokens. When user request the RESTful apis, put the Token in http request headers in the following format:

Authorization: XXXXXXXXXXXXXXX
1

If the token is correct, eKuiper will respond the result; otherwise, it will return http 401code.

# JWT Header

{
  "typ": "JWT",
  "alg": "RS256"
}
1
2
3
4

# JWT payload

The JWT Payload should use the following format

fieldoptionalmeaning
issfalseIssuer , must use the same name with the public key put in etc/mgmt
audfalseAudience , must be eKuiper
exptrueExpiration Time
jtitrueJWT ID
iattrueIssued At
nbftrueNot Before
subtrueSubject

There is an example in json format

{
  "iss": "sample_key.pub",
  "adu": "eKuiper"
}
1
2
3
4

When use this format, user must make sure the correct Public key file sample_key.pub are under etc/mgmt .

# JWT Signature

need use the Private key to sign the Tokens and put the corresponding Public Key in etc/mgmt .

What’s on this page