3.3) Hasura Auth API + Postman collection for Expense Tracker

Hasura Expense Tracker
Jun 27, 2017

In this blog post we go through the Hasura Auth API and our Postman collection, which is task 3 of week 3 of the Hasura Internship. You can have a look at our Schema Modelling to get a better understanding of this task.

User management is an important part of an application. It lets you manage the users of your app and includes registration, login, logout, password reset and so on. For user management, Hasura offers the Auth service. You can refer to the original documentation here: Auth Service by Hasura.

What is Auth Service?

The auth service is a part of every Hasura project. It has extensive APIs to manage users and roles, and it integrates with various social login providers. These are the endpoints that we need to build our ExTra Expense Tracker app.

How it works

Hasura Auth provides an HTTP API for authentication and authorization of identities on the Hasura platform. This API can be consumed directly by frontend interfaces like mobile apps, browser-based apps, device apps as well as any server-side program.

Basic actions

Basic actions include registering a user, logging in a user, viewing user info and logging out. We will see below how to perform these basic actions.

Steps for using Hasura Auth API

1. Log in to your console and, on the home page under running services, click on status for Auth. Now note down your External Endpoint. In our case, it is http://auth.c100.hasura.me/.
Auth External Endpoint

2. Next, open the Postman app and set it up as follows:

Now you are ready to use Hasura Auth APIs.

1) Register a user

Suppose a new user wishes to register. We can use the following JSON query:

Signup request for a new user
Response for signup request with auth_token

The new user gets an id and is allotted the “user” role. The “auth_token” for the user is also specified in the response.

Every user created with the /signup endpoint is assigned the role user.

2) Login

For the newly registered user to log in to the application, we can use the following JSON query:

Login request for already registered user
Successful login

When a user logs in, a new session token is created for the user. It is set as a cookie and also returned in auth_token of the response. The token and the associated user’s information are stored in the session store.

3) User info

There may be scenarios in which we want to retrieve details about the current user. In such cases, we make the User info query.

For viewing user info, make sure to change the request type to “GET”.

To make the request, in the Headers tab, add a new key “Authorization” and specify its value as “Bearer auth_token”.

Making request to view user info
Response showing all details about current user

Using this endpoint, information about the currently logged-in user can be retrieved.

4) Logout

In order to log out from an application, the user must be able to make logout requests. This can be achieved as follows:

Make a POST request to the specified endpoint and add a new key in the Headers tab. The key must be specified as “Authorization” and its value should be specified as “Bearer auth_token”.

Successful logout

After making the request, we get the response that confirms that we have been logged out successfully.
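The login, user info and logout steps above can also be scripted, which makes it easy to check that a token stops working once its session is gone. This is an added example, not code from the original post or from Hasura: it runs against a small local stub instead of a real project, and the paths `/login`, `/user/account/info` and `/user/logout`, the `username`/`password` body fields and the `hasura_roles` field are assumptions.

```python
import http.client, json, secrets, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
USERS, SESSIONS = {"alice": "constructed-pw"}, {}  # constructed stub state; SESSIONS: token -> user

class StubAuth(BaseHTTPRequestHandler):  # local stand-in, not Hasura's code
    def reply(self, code, obj):
        data = json.dumps(obj).encode()
        self.send_response(code)
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)
    def token(self):
        scheme, _, value = self.headers.get("Authorization", "").partition(" ")
        return value if scheme == "Bearer" else None
    def do_GET(self):  # user info (assumed path); needs a live session token
        user = SESSIONS.get(self.token()) if self.path == "/user/account/info" else None
        body = {"username": user, "hasura_roles": ["user"]} if user else {"message": "invalid token"}
        self.reply(200 if user else 401, body)
    def do_POST(self):
        body = json.loads(self.rfile.read(int(self.headers.get("Content-Length", 0))) or b"{}")
        if self.path == "/user/logout":  # assumed path; deletes the session
            ok = SESSIONS.pop(self.token(), None)
            return self.reply(200 if ok else 401, {"message": "logged out" if ok else "invalid token"})
        user = body.get("username")
        if self.path != "/login" or user not in USERS or USERS[user] != body.get("password"):
            return self.reply(403, {"message": "invalid credentials"})
        token = secrets.token_hex(16)  # new session token on every login
        SESSIONS[token] = user
        self.reply(200, {"auth_token": token, "hasura_roles": ["user"]})

def call(addr, method, path, token=None, body=None):
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token  # same header as in Postman
    conn = http.client.HTTPConnection(*addr)
    conn.request(method, path, json.dumps(body) if body else None, headers)
    resp = conn.getresponse()
    return resp.status, json.loads(resp.read())

def run_flow():
    server = HTTPServer(("127.0.0.1", 0), StubAuth)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    addr, creds = server.server_address, {"username": "alice", "password": "constructed-pw"}
    token = call(addr, "POST", "/login", body=creds)[1]["auth_token"]
    info = call(addr, "GET", "/user/account/info", token)
    logout = call(addr, "POST", "/user/logout", token)
    replay = call(addr, "GET", "/user/account/info", token)  # same token after logout
    server.shutdown()
    return info, logout, replay
```

`run_flow()` returns the three responses as `(status, body)` pairs; the last one is the request that reuses the token after logout and should come back as 401. To try `call` against a real project, pass it the host and port of your own auth endpoint and check the paths against the Auth documentation first.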

The API collection used for authentication is available at: https://www.getpostman.com/collections/b33b8041032c9111324f


-Akash Dabhi and Vinit Neogi

Two tech geeks embarking on a journey to create their first android app for their Hasura Internship program. IT dept, St. Francis Institute of Technology.