Maincloud is now LIVE! Get Maincloud Energy 90% off until we run out!

SpacetimeDB HTTP Authorization

Generating identities and tokens

SpacetimeDB can derive an identity from the sub and iss claims of any OpenID Connect compliant JSON Web Token.

Clients can request a new identity and token signed by the SpacetimeDB host via the POST /v1/identity HTTP endpoint. Such a token will not be portable to other SpacetimeDB clusters.

Alternately, a new identity and token will be generated during an anonymous connection via the WebSocket API, and passed to the client as an IdentityToken message.

`Authorization` headers

Many SpacetimeDB HTTP endpoints either require or optionally accept a token in the Authorization header. SpacetimeDB authorization headers are of the form Authorization: Bearer ${token}, where token is an OpenID Connect compliant JSON Web Token, such as the one returned from the POST /v1/identity HTTP endpoint.

Top level routes

Route Description
GET /v1/ping No-op. Used to determine whether a client can connect.

`GET /v1/ping`

Does nothing and returns no data. Clients can send requests to this endpoint to determine whether they are able to connect to SpacetimeDB.

Edit On Github