Authentication

POST /api/public/login/ HTTP/1.1
Host: app.crunch.io
Content-Type: application/json
Content-Length: 73

{
    "email": "fake.user@example.com",
    "password": "password",
    "token": true
}

HTTP/1.1 200 OK
{"access_token": "796f025f019ad8299337ba7b0924afbf", "token_type": "Bearer"}

library(crunch)
login("fake.user@example.com", "password")
# See ?login for options, including how to store your credentials
# in your .Rprofile

import pycrunch

curl -X POST \
    -d '{"email": "fake.user@example.com", "password": "password", "token": true}' \
    -H "Content-type: application/json" \
    -H "Content-Length: 73" \
    https://app.crunch.io/api/public/login/

# The above command will perform a login and return a Bearer token.
# After this, you can access the endpoint via 'curl' commands (POST, GET, PATCH), as long as the '-H "Authorization: Bearer access_token"' flag is present. Substitute 'access_token' with the one returned on the login request.

Nearly all interactions with the Crunch API need to be authenticated. The standard password authentication method involves POSTing credentials and requesting a Bearer token back, which should be included on further requests.

The client should then store the Bearer token returned in the access_token attribute and pass it along with each subsequent request in the Authorization HTTP header.

Example:

  • Authorization: Bearer 796f025f019ad8299337ba7b0924afbf

Failure will return 401 Unauthorized.
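The login flow described above, written as a small client for an unattended script. This is an added example, not Crunch's own client code: the function names and the CRUNCH_EMAIL / CRUNCH_PASSWORD environment variables are assumptions made for illustration.

```python
import json
import os
import urllib.error
import urllib.request

LOGIN_URL = "https://app.crunch.io/api/public/login/"  # endpoint shown on this page

class LoginFailed(Exception):
    """Credentials rejected, or the response carried no usable Bearer token."""

def build_login_request(email, password):
    # "token": True asks the API to return a Bearer token in the response body.
    body = json.dumps({"email": email, "password": password, "token": True})
    return urllib.request.Request(
        LOGIN_URL, data=body.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json"})

def parse_login_response(raw):
    # Accept only the documented shape: a non-empty access_token of type Bearer.
    doc = json.loads(raw)
    if not isinstance(doc, dict) or doc.get("token_type") != "Bearer":
        raise LoginFailed("login response is not a Bearer token document")
    token = doc.get("access_token")
    if not isinstance(token, str) or not token:
        raise LoginFailed("login response has no access_token")
    return token

def auth_headers(token):
    # Header to send with every subsequent request.
    return {"Authorization": "Bearer " + token}

def login(email, password, opener=urllib.request.urlopen):
    # opener is injectable so the flow can be exercised without network access.
    try:
        with opener(build_login_request(email, password)) as resp:
            return parse_login_response(resp.read())
    except urllib.error.HTTPError as err:
        if err.code == 401:
            raise LoginFailed("401 Unauthorized: credentials rejected") from None
        raise

if __name__ == "__main__":
    # Assumed variable names; keeps the password out of the script source.
    token = login(os.environ["CRUNCH_EMAIL"], os.environ["CRUNCH_PASSWORD"])
    print("logged in; token held in memory only, length", len(token))
```

The token is never printed or written to disk; pass `auth_headers(token)` to each later request.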

Note

Replace “fake.user@example.com” and “password” with your email and password, respectively. Refer to the password policy below for more information. Replace the Bearer access token “796f025f019ad8299337ba7b0924afbf” in the Authorization header with the access_token returned from your login request.

Crunch also supports OAuth 2.0 with OpenID Connect or RFC 7662. However, OAuth doesn’t work well with unattended scripts. If your user is set up with OAuth and you want to create applications that use Crunch’s API, contact us to set up a secondary password. To set one yourself, POST a JSON document containing {"email": "youremail@example.com"} to the /api/public/password_reset/ API endpoint, and follow the instructions in the email you receive. No authentication is required to use this endpoint. Log out of your current Crunch Web App session before clicking the reset password link in the email.

We do not recommend using OAuth to authenticate API requests outside of a browser. The redirect after the ID provider login will load the Crunch Web Application, and a manual step is required to copy the authorization Bearer token into the running state of the application that requests API access. Automated retrieval of Bearer tokens for users with OAuth logins is not currently available.

If you’d like to add your OAuth OpenID Connect or RFC 7662 provider to the set of supported providers, contact support@crunch.io.