SpacetimeDB HTTP Authorization
Generating identities and tokens
SpacetimeDB can derive an identity from the sub and iss claims of any OpenID Connect compliant JSON Web Token.
Clients can request a new identity and token signed by the SpacetimeDB host via the POST /v1/identity HTTP endpoint. Such a token will not be portable to other SpacetimeDB clusters.
Alternately, a new identity and token will be generated during an anonymous connection via the WebSocket API, and passed to the client as an IdentityToken message.
`Authorization` headers
Many SpacetimeDB HTTP endpoints either require or optionally accept a token in the Authorization header. SpacetimeDB authorization headers are of the form Authorization: Bearer ${token}, where token is an OpenID Connect compliant JSON Web Token, such as the one returned from the POST /v1/identity HTTP endpoint.
Top level routes
| Route | Description |
|---|---|
GET /v1/ping |
No-op. Used to determine whether a client can connect. |
`GET /v1/ping`
Does nothing and returns no data. Clients can send requests to this endpoint to determine whether they are able to connect to SpacetimeDB.