# Authentication
eKuiper support JWT RSA256 authentication for the RESTful management APIs since 1.4.0 if enabled . Users need put their Public Key in etc/mgmt folder and use the corresponding Private key to sign the JWT Tokens. When user request the RESTful apis, put the Token in http request headers in the following format:
Authorization: XXXXXXXXXXXXXXX
1
If the token is correct, eKuiper will respond the result; otherwise, it will return http 401code.
# JWT Header
{
"typ": "JWT",
"alg": "RS256"
}
1
2
3
4
2
3
4
# JWT payload
The JWT Payload should use the following format
| field | optional | meaning |
|---|---|---|
| iss | false | Issuer , must use the same name with the public key put in etc/mgmt |
| aud | false | Audience , must be eKuiper |
| exp | true | Expiration Time |
| jti | true | JWT ID |
| iat | true | Issued At |
| nbf | true | Not Before |
| sub | true | Subject |
There is an example in json format
{
"iss": "sample_key.pub",
"adu": "eKuiper"
}
1
2
3
4
2
3
4
When use this format, user must make sure the correct Public key file sample_key.pub are under etc/mgmt .
# JWT Signature
need use the Private key to sign the Tokens and put the corresponding Public Key in etc/mgmt .
What’s on this page