Skip to main content
Ask a Question
APIs
Robert D
Community Manager
Asked a question 20 days ago

Is there a step by step guide on how to authenticate your access to use Tribe API?

Where am I?

In Tribe you can ask and answer questions and share your experience with others!

Hi Robert,

Thank you for your question!

 

Tribe supports multiple authorization methods suitable for different scenarios.

The two most common methods are: -

1. JWT Access Token- If your product's authentication already provides JWT access tokens, the easiest way is to use the same access token in Tribe. You will start with downloading the “JWT Authorization App” (Please note that it is different than JWT SSO App) from the Tribe store. Tribe supports JWKS and Secret, Certification or Public Key to authenticate your JWT Access token. In order to authorize, use the following code in shell.

   **curl "api_endpoint_here"** **- H "Authorization: Bearer <YourAccessToken>"**

(Make sure to replace <YourAccessToken> with your JWT access token.)

 

2. Tribe Access Token- If your product does not support JWT access token or you are using Tribe as the main identity service, then you can use this option. Here are the steps: -

You need to first request for a client ID and client Secret by writing us on hi@tribe.so18.

In Next step, you will be able to create access token and refresh token by using one of the following OAuth2 methods:

  • Password Grant Type- To get an access token for a user using their username/email and password you can use the password grant_type. You will need to have administrative rights in order to complete these steps. In Body, you will need to fill following information for payload as application/x-www-form-urlencoded: -

Key                                   Value                                            
grant_type                            Word "password" client_id                         Client ID                             provided by Tribe 
client_secret                         Client secret provided by Tribe                  
username                              Your Tribe community’s username/Email address password                              Your Tribe community’s password

Once you have this information in payload, you should send a POST request to "https://YOUR_COMMUNITY_URL/api/v1/oauth/token".

Please find a snippet below of how it will look like if request is successful -

A successful Tribe authentication access request.
A successful Tribe authentication access request.
  • Tribe Custom Grant Type- With this grant type, you will be able to get the access_token and refresh_token for any user by their email, user_id (Tribe user id), or external_id (Your product's user_id that was passed in OAuth2 authentication). . In Body, you will need to fill following information for payload as application/x-www-form-urlencoded: -

Key                                               Value                                
grant_type                                       “tribe:client_secret_credentials” client_id                                        Client ID provided by Tribe client_secret                                    Client secret provided by Tribe email, user_id or external_id                           Unique identifier of the user

Once you have this information in payload, you should send a POST request to https://YOUR_COMMUNITY_URL/api/v1/oauth/token.

**Note: -**By default, this grant_type is open to all IP addresses, but for security reasons, we suggest that you give us a list of IP addresses and we'll limit it to those.

Please find a snippet below of how it will look like if request is successful -

Is there a step by step guide on how to authenticate your access to use Tribe API?

 

Tribe expects the access token to be included in API requests to the server in a header that looks like the following:

Authorization: Bearer <YourAccessToken>