Logging in via the API

In release 2.2, Riffyn has improved security for api-keys. As a result, api-keys will be shown only once (when they are generated) on the first visit to the /v1/login endpoint. To invalidate an existing key visit the /v1/logout endpoint. To refresh an already issued api-key do a logout followed by a login operation.

Examples of logging in via the API are as follows:

  • cURL
  • Python
    • Using the Riffyn SDK with Swagger
    • Using Requests
  • Postman (an HTTP client)

(Note: The api key in the examples is invalid.)


Browser instructions :

  1. Go to the  root url (ex: api.app.riffyn.com) where you will be prompted to login with basic auth and then go to the /v1/login endpoint to get the api-key. Note if you have a VPC implementation of Riffyn, the API will be api.yourcompany.riffyn.com, where yourcompany is replaced with your company subdomain name for Riffyn SDE.
  2. To re-generate the api-key go to the  /v1/logout endpoint and then log in again.

Note: To regenerate an api-key you may need to clear the browser history before logging in again. Use a different browser (Firefox) so you don't loose all your cookies.

Curl instructions

  • To get the api-key (you will be prompted to enter your password - you must include quotes on your username )
    curl -u "<USERNAME>" https://api.app.riffyn.com/v1/login -v

Example :
$ curl -u "ondine" https://api.app.riffyn.com/v1/login -v

Enter host password for the user and the success message will be:
{"message":"This Api key is displayed only once, please save it and store securely","apiKey":""EJtL5JRdssaaJwjhWF.SzgsNPHo7dsdsaAAvcLDy4wvJQF","username":"ondine"}

  • Accessing any endpoint
    curl https://api.app.riffyn.com/v1/units -H 'Cache-Control: no-cache' -H 'api-key: <YOUR API KEY>' -v

$ curl https://api.app.riffyn.com/v1/units -H 'Cache-Control: no-cache' -H "api-key:EJtL5JRdssaaJwjhWF.SzgsNPHo7dsdsaAAvcLDy4wvJQF

{"links":{},"meta":{"total-count":61,"total-pages":1},"data":[{"_id":"2WCzs348uj68LAB99","name":"test test test","symbol":"a","description":"","definition":"a","definitionBase":null,"unitOf":[],"notes":null,"siUnit":false,"synonyms":[],"source":"USER_DEFINED","shareable":true,"accessibleTo":...
<Result truncated for brevity>

  • Logout to create a new api-key
    curl -u "<USERNAME>" https://api.app.riffyn.com/v1/logout

Example for logout
$ curl -u "ondine" https://api.app.riffyn.com/v1/logout
Enter host password for user

Example for login
$ curl -u "ondine" https://api.app.riffyn.com/v1/login -v
Enter host password for user
{"message":"This Api key is displayed only once, please save it and store securely","apiKey":""EJtL5JRdssaaJwjhWF.SzgsNPHo7dsdsaAAvcLDy4wvJQF","username":"ondine"}

Python 2.7 instructions

  • Install Requests package
    pip install requests
  • Run the below script:
    import requests
    r = requests.get('https://api.app.riffyn.com/v1/logout', auth=('user', 'pass'))
    r = requests.get('https://api.app.riffyn.com/v1/login', auth=('user', 'pass'))
    print r.status_code
    print r.text

  • Make request to any of the endpoints with the api-key in the header
    r = requests.get('https://api.app.riffyn.com/v1/login', headers={'api-key':'EJtL5JRdssaaJwjhWF.SzgsNPHo7dsdsaAAvcLDy4wvJQF'})

Python 2.7 instructions using the SDK

NOTE: Log out after each login to keep the api-key in sync. If you are running scripts in parallel you may want to create a separate login script that manages the api-key.

If api-key isn't being generated you may have to log in to the api through the browser and go to the api.riffyn.com/v1/logout endpoint which will delete the api-key. Then either run the login script or get the api-key from the /v1/login endpoint. 

  • From the root level of your swagger environment run the following python script:

import getpass
import time
import swagger_client
from swagger_client.rest import ApiException
# can manually set the host but will be set by the swagger code: swagger_client/configuration.py
# swagger_client.configuration.host = "https://api.riffyn.com"
# swagger_client.configuration.host = "http://localhost:3000/"
    username=getpass.getpass("Enter your username or email: ")
    password=getpass.getpass("Enter your password: ")
    swagger_client.configuration.username = username
    swagger_client.configuration.password = password
    # create an instance of the API class
    api_instance = swagger_client.AuthenticationApi()
    # api_response returns an api key
    api_response = api_instance.login()
    print("apiKey :")
    print ("You are logged in as %s." % (username))
except ApiException as e:
    print("There was something wrong with your login, please try again %s\n" % e)
# sets the configuration to your api key
swagger_client.configuration.api_key['api-key'= api_response.api_key
print('Header with apiKey and BasicAuth:')
#  Deletes basic auth from header:
swagger_client.configuration.password = ''
swagger_client.configuration.username = ''
print('auth header with apikey and no basicAuth:')
#  At this point you can make instances of the endpoints classes to be used:
unit_instance = swagger_client.UnitApi()
exp_instance = swagger_client.ExperimentApi()
res_instance = swagger_client.ResourceApi()
team_instance = swagger_client.TeamApi()
process_instance = swagger_client.ProcessApi()
    print('looking up lists:')
    # and make instances of specific endpoints:   
    api_response = unit_instance.list_units(creator='username')
    exp_response = exp_instance.list_experiments(creator='username')
    res_response = res_instance.list_resources(creator='username')
    team_response = team_instance.list_teams(creator='username')
    process_response = process_instance.list_processes(creator='username')
    print('units', api_response)
except ApiException as e:
    print("Exception when calling UnitApi->list_units: %s\n" % e)
    # be sure to logout if you are going to log in again 
except ApiException as e:
    print("Exception when calling AuthenticationApi->logout: %s\n" % e)

Postman instructions

To get an Api Key:

  1. Use Basic Auth in the Authorization tab and enter your username and password.
  2. In Headers tab set content-type to application/json
  3. In the url bar set the http method to GET and the url to https://api.app.riffyn.com/v1/login (or equivalent VPN)

To Use an Api Key:

  1. In the Authorization tab set the TYPE to "No Auth".
  2. in the Headers tab add "api-key" with api-key retrieved using the login endpoint.
  3. To regenerate an api-key go to /v1/logout and login again with basicAuth in the Authorization tab.


Have more questions? Submit a request


Please sign in to leave a comment.