SpacetimeDB HTTP Authorization
Rather than a password, each Spacetime identity is associated with a private token. These tokens are generated by SpacetimeDB when the corresponding identity is created, and cannot be changed.
Note
Do not share your SpacetimeDB token with anyone, ever.
Generating identities and tokens
Clients can request a new identity and token via the `/identity` POST HTTP endpoint.
Alternatively, a new identity and token will be generated during an anonymous connection via the WebSocket API, and passed to the client as an `IdentityToken` message.
Encoding `Authorization` headers
Many SpacetimeDB HTTP endpoints either require or optionally accept a token in the `Authorization` header. SpacetimeDB authorization headers use `Basic` authorization with the username `token` and the token as the password. Because Spacetime tokens are not passwords, and SpacetimeDB Cloud uses TLS, usual security concerns about HTTP `Basic` authorization do not apply.
To construct an appropriate `Authorization` header value for a token:
- Prepend the string `token:`.
- Base64-encode.
- Prepend the string `Basic ` (including the trailing space).
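Rust
```rust
use base64::Engine as _; // brings `encode` into scope for BASE64_STANDARD

fn auth_header_value(token: &str) -> String {
    // Basic credentials are "username:password"; the username is always "token".
    let username_and_password = format!("token:{}", token);
    let base64_encoded = base64::prelude::BASE64_STANDARD.encode(username_and_password);
    format!("Basic {}", base64_encoded)
}
```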
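C#
```csharp
using System;
using System.Text;

public string AuthHeaderValue(string token)
{
    // Basic credentials are "username:password"; the username is always "token".
    var username_and_password = Encoding.UTF8.GetBytes($"token:{token}");
    var base64_encoded = Convert.ToBase64String(username_and_password);
    return "Basic " + base64_encoded;
}
```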
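The encoding steps above are fully reversible, so the header value has to be handled as carefully as the token itself. The following Python sketch is an added example, not SpacetimeDB's own code: it builds the header, parses it back with strict checks, and redacts it for logging. The function names, the rejection rules and the sample token are assumptions made for illustration.

```python
import base64
import binascii


def auth_header_value(token: str) -> str:
    """Build the header value: 'Basic ' + base64('token:' + token)."""
    raw = f"token:{token}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_auth_header(value: str) -> str:
    """Recover the token from a header value, rejecting malformed input."""
    scheme, _, payload = value.partition(" ")
    # HTTP authentication scheme names are case-insensitive.
    if scheme.lower() != "basic" or not payload.strip():
        raise ValueError("not a Basic authorization header")
    try:
        # validate=True rejects characters outside the base64 alphabet
        # instead of silently discarding them.
        decoded = base64.b64decode(payload.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("payload is not base64-encoded UTF-8") from exc
    # Split on the first colon only, so a token containing ':' survives.
    username, sep, token = decoded.partition(":")
    if not sep or username != "token" or not token:
        raise ValueError("expected credentials of the form token:<token>")
    return token


def redact_for_log(value: str) -> str:
    """Keep only the scheme so the reversible payload never reaches logs."""
    scheme, _, payload = value.partition(" ")
    return f"{scheme} <redacted>" if payload else "<redacted>"


SAMPLE_TOKEN = "example-token-123"  # constructed value, not a real token

if __name__ == "__main__":
    header = auth_header_value(SAMPLE_TOKEN)
    print("header:   ", header)
    print("recovered:", parse_auth_header(header))  # base64 hides nothing
    print("log line: ", redact_for_log(header))
```

Anything that records request headers verbatim (proxies, access logs, crash reports) stores the token in recoverable form unless the value is redacted first.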