Authentication and Authorization

Calls to the API can use HTTP Basic Authentication, or Token Authentication.

Basic Authentication

To authenticate using HTTP Basic Authentication, use the same credentials (username and password) as for normal logins in a web browser.

Token Authentication

The token key should be included in the Authorization HTTP header. The key should be prefixed by the string literal "Token", with whitespace separating the two strings. For example:

Authorization: Token 9944b09199c62bcf9418ad846dd0e4bbdfc6ee4b

For example, using cURL:

curl https://www.trialgrid.io/api/v2/users/ -H 'Authorization: Token fa2ae7f1c766ddea1c8b4ff14773de33569d399b'

An authentication token can be obtained by making an HTTP POST request to api/v2/api-token-auth/, providing your login credentials in JSON data in the POST request.

For example, using cURL:

curl --header "Content-Type: application/json" --data '{"username":"USER","password":"PASSWORD"}' --request POST https://www.trialgrid.io/api/v2/api-token-auth/

The API will return a JSON string containing the token, e.g.

{"token":"fa2ae7f1c766ddea1c8b4ff14773de33569d399b"}

An authentication token can be deleted by making an HTTP POST request to api/v2/api-token-auth-delete/, providing your login credentials in JSON data in the POST request.

For example, using cURL:

curl --header "Content-Type: application/json" --data '{"username":"USER","password":"PASSWORD"}' --request POST https://www.trialgrid.io/api/v2/api-token-auth-delete/

Authorization

Access to Drafts via the API is controlled by the same permissions as the main TrialGrid application. Drafts and Drafts objects can be retrieved by the API if the user account has access to view the Project.