# Authentication
eKuiper support JWT RSA256
authentication for the RESTful management APIs since 1.4.0
if enabled . Users need put their Public Key in etc/mgmt
folder and use the corresponding Private key to sign the JWT Tokens. When user request the RESTful apis, put the Token
in http request headers in the following format:
Authorization: XXXXXXXXXXXXXXX
1
If the token is correct, eKuiper will respond the result; otherwise, it will return http 401
code.
# JWT Header
{
"typ": "JWT",
"alg": "RS256"
}
1
2
3
4
2
3
4
# JWT payload
The JWT Payload should use the following format
field | optional | meaning |
---|---|---|
iss | false | Issuer , must use the same name with the public key put in etc/mgmt |
aud | false | Audience , must be eKuiper |
exp | true | Expiration Time |
jti | true | JWT ID |
iat | true | Issued At |
nbf | true | Not Before |
sub | true | Subject |
There is an example in json format
{
"iss": "sample_key.pub",
"adu": "eKuiper"
}
1
2
3
4
2
3
4
When use this format, user must make sure the correct Public key file sample_key.pub
are under etc/mgmt
.
# JWT Signature
need use the Private key to sign the Tokens and put the corresponding Public Key in etc/mgmt
.
What’s on this page