Skip to main content

Authentication

Get started using the Tech Against Terrorism TCAP API. This document outlines how you can obtain an authentication token and use our API services. In order to use any of these strategies, you will already need to be an on-boarded TCAP or TCAP Archive user with a username and password.

Open API References:

Authentication Strategies

Short lived access token

To use some TCAP API services, you will need to obtain a resource-specific, short-lived access token.

Services which currently utilise this authentication system:

import requests

url = "https://beta.terrorismanalytics.org/token-auth/api/login"

payload = {
    "username": "YOUR_TCAP_USERNAME",
    "password": "YOUR_TCAP_PASSWORD",
    "requested_service": "Hash Verification"
}

headers = {
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)
print(response.json())

Response

200 OK
{
  "service_token": "JWT"
}

How long does the short lived token last?

At the moment, tokens are configured to be valid for 5 minutes. When a token expires, you will receive the following response with a status of 403:

Authentication error: Token has expired. Please refresh.

You can request a new token anytime and continue using it to make requests to your chosen service.

If engaging with the service programmatically, we recommend writing a script to request a new token whenever you receive a response with the status code as 403 and body "Authentication error: Token has expired. Please refresh."

Authenticating With JWT

Authentication for other services is more straightforward.

Services which currently utilise JWT authentication system:

import requests

url = "https://beta.terrorismanalytics.org/token-auth/tcap/"

payload = {
    "username": "YOUR_TCAP_USERNAME",
    "password": "YOUR_TCAP_PASSWORD",
}

headers = {
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)
print(response.json())

Response

200 OK
{
    "token": "JWT",
    "user": {
        "id": 1,
        "username": "Jane",
        "first_name": "Jane",
        "last_name": "Doe",
        "email": "[email protected]",
        "organisation": "acmec",
        "permissions": [
          ...
        ],
        "job_title": "",
        "terms": "",
        "terms_archive": "",
        "email_verified": true
    }
}

Using the token

The token obtained from either strategy are used in the same way, you should attach it as a header to any API service request.

import requests

headers = {
    "Authorization": f'Bearer {token}"
    "Content-Type": "application/json"
}

response = requests.post(url, json=payload, headers=headers)
print(response.json())

Further help

Our dev team would be happy to walk you through the authentication process.

If you wish to reach out in relation to this or anything else surrounding our API services, please contact us

Open API References: