Authenticating for TCAP API Services

Get started using the Tech Against Terrorism TCAP API. This document outlines how you can obtain an authentication token and use our API services.

Authentication

To use some TCAP API services, you will need to obtain a resource-specific, short-lived access token.

In order to get one of these, you will already need to be an on-boarded TCAP or TCAP Archive user with a username and password.

Services which currently utilise this authentication system:

Authentication for other services is more straightforward, see other docs

Obtaining an Access Token

To obtain a token make a request to the TCAP authentication endpoint with your username, password and the name of the requested service, for example Hash Verification:

POST https://beta.terrorismanalytics.org/token-auth/api/login
{
  username: YOUR_TCAP_USERNAME,
  password: YOUR_TCAP_PASSWORD,
  requested_service: NAME_OF_REQUESTED_API_SERVICE
}

Using the token

Once you have received a token, you should attach it as a header to any API service request.

Typescript example:

    const serviceUrl = "https://beta.terrorismanalytics.org/hash-verification/api/v2"
    const headers = {'Authorization': `Bearer ${token}`};
    const response = await fetch(service_url, {headers: headers});

Python example:

    service_url = "https://beta.terrorismanalytics.org/hash-verification/api/v2"
    headers = {'Authorization': f'Bearer {token}'}
    response = requests.get(serviceUrl, headers=headers)

How long does the token last?

At the moment, tokens are configured to be valid for 5 minutes. When a token expires, you will receive the following response with a status of 403:

Authentication error: Token has expired. Please refresh.

You can request a new token anytime and continue using it to make requests to your chosen service.

If engaging with the service programmatically, we recommend writing a script to request a new token whenever you receive a response with body "Authentication error: Token has expired. Please refresh."

Further help

Our dev team would be happy to walk you through the authentication process.

If you wish to reach out in relation to this or anything else surrounding our API services, please contact us through this form