Frontend Web API

How to configure Web API in GrandNode

First of all we need to enable Web API in appsettings.json file. You will find it in App_Data directory in main directory of GrandNode. Edit appsettings.json file. 

"GrandWebApi": {
"Enabled": false,
"SecretKey": "your private secret key", //at least 16 characters
"ValidateIssuer": false,
"ValidIssuer": "",
"ValidateAudience": false,
"ValidAudience": "",
"ValidateLifetime": true,
"ValidateIssuerSigningKey": true,
"ExpiryInMinutes": 1440,
"RefreshTokenExpiryInMinutes": 1440

Enabled - True/False. Specify whether API is enabled or not.

SecretKey - Enter your secret key. 

ValidateIssuer - True/False.

ValidIssuer - Specify the provider of the token.

ValidateAudience - True/False.

ValidAudience - Specify the audience. It's client, i.e the receiving party. 

ValidateLifetime - True/False.

ValidateIssuerSigningKey - True/False.

ExpiryInMinutes - Specify the expiration time of token. 

SystemModel - True/False.

Please note that you need to restart application after each change in appsettings.json file.

How to authorize guest user in GrandNode?

To show you how to authorize guest user I will use a Postman in free plan. Open it and create new request. 

After save you will see a new window. We need to modify some things in it. 

We need to change the request type from GET to POST

Then you need to provide a request URL - it will be

In the Auth tab, set Auth type to No Auth

In the next tab we need to add new Header. 

In the Key field enter the Content-Type, in Value field enter the application/json, description is empty.

And that's all. Just press the "Send" button and if do everything correctly you will see generated token.

It's token which you will use to Authenticate your requests. 

How to login to existing account in GrandNode?

Request Type: POST
Enter the request URL:
Auth type: No Auth

"email": "",
"password": "password"  //Base64 encoded

As a response, we will get a Bearer token. We can use it to authorize our future requests made as the specified user.

How to generate a request authorization token (Antiforgery token)?

Request Type: GET
Enter the request URL:
Auth type: No auth