How to use API Authentication
Every API is different when it comes to Authentication but in Directus, all you need is a Bearer token.
Every API is different when it comes to Authentication but in Directus, all you need is a Bearer token. You can create once in Directus by using an API user with a token defined in the User Management portal. This token is used in the authentication header.
To use Authentication with the API, you must include the Authorization HTTP header with the value Bearer followed by your token.
Authorization: Bearer your-bearer-token
Postman is very useful API playground where you can try different ideas before including them in your project. Create a new Collection and open the Authorization tab. Paste your token into the Token field at the bottom.
Now you can add new Requests inside your Collection which will use these Authentication settings.
For you application or website, you need to include the token for every API query by using the authorization header. Here is an example of a simple GET query on my articles collection.
curl -H "Authorization: Bearer your-bearer-token" https://directus.example.com/items/articles?fields=id,title,author.first_name
It is good practice to create several access tokens that are restricted for the task at hand. For example, use a "read-only" access token for your website or if you have multiple sites, use a unique access token for each website. Then use a separate access token for the backend scripts that need to write back to Directus. This will help keep your application secure.
To acheive this, you'll need to create a role and specifiy what collections that role can read, write, update or delete. Then assign that role to your API user.
Now you know how to authenticate your API query and secure your application using different roles. Use the links below for further reading.