Authenticating for TCAP API Services
Get started using the Tech Against Terrorism TCAP API. This document outlines how you can obtain an authentication token and use our API services.
Key features and use cases
To use some TCAP API services, you will need to obtain a resource-specific, short-lived access token.
In order to get one of these, you will already need to be an on-boarded TCAP or TCAP Archive user with a username and password.
Services which currently utilise this authentication system:
Authentication for other services is more straightforward, see other docs
Endpoints
Obtaining an Access Token
To obtain a token make a request to the TCAP authentication endpoint with your username, password and the name of the requested service, for example Hash Verification
:
Endpoint
POST /token-auth/api/login
Request
Headers
- Content-Type (Required: Yes): Must be
application/json
Request Body
username (Type:
string
, Required: Yes): The user's usernamepassword (Type: string, Required: Yes): The user's password
requested_service (Type: string, Required: Yes): The service for which access is requested
Example Request:
POST https://beta.terrorismanalytics.org/token-auth/api/login
{
"username": "YOUR_TCAP_USERNAME",
"password": "YOUR_TCAP_PASSWORD",
"requested_service": "NAME_OF_REQUESTED_API_SERVICE"
}
Response
Status Code: 200
- access_token (Type: string): Temporary credentials that grant access to a protected resource and must be sent in the header of subsequent requests.
- refresh_token (Type: string): Credential used to obtain new access tokens once the current ones expire.
Example Response:
{
"access_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9",
"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9"
}
Usage examples
Using the token
Once you have received a token, you should attach it as a header to any API service request.
Typescript example:
const serviceUrl = "https://beta.terrorismanalytics.org/hash-verification/api/v2"
const headers = {'Authorization': `Bearer ${token}`};
const response = await fetch(service_url, {headers: headers});
Python example:
service_url = "https://beta.terrorismanalytics.org/hash-verification/api/v2"
headers = {'Authorization': f'Bearer {token}'}
response = requests.get(serviceUrl, headers=headers)
Frequently Asked Questions
How long does the token last?
At the moment, tokens are configured to be valid for 5 minutes. When a token expires, you will receive the following response with a status of 403
:
Authentication error: Token has expired. Please refresh.
You can request a new token anytime and continue using it to make requests to your chosen service.
If engaging with the service programmatically, we recommend writing a script to request a new token whenever you receive a response with body "Authentication error: Token has expired. Please refresh."
Further help
Our dev team would be happy to walk you through the authentication process.
If you wish to reach out in relation to this or anything else surrounding our API services, please contact us through this form