ArchiWind
API
Authentication

Authentication

The API cannot be accessed without one of these two forms of authentication:

Personal access token

Use cases

For customers that want to automate the submission/consumption of their own simulations.

Usage

⚠️
It’s not possible to autonomously create a PAT yet, please get in touch with us. We’re working to add this feature soon.

Each PAT is connected to a user account and can expire/be revoked.

Once you get the token, you can access the API using it in an HTTP header like this:

x-nablaflow-token: ${token}

Example 

export NABLAFLOW_TOKEN="..."

curl \
  -H "x-nablaflow-token: ${NABLAFLOW_TOKEN}" \
  https://api.nablaflow.io/archiwind/users/self

OAuth2 application

Use cases

For third-party services that want to give the ability to their customers to submit simulations/consume results.
For example, an application that does 3D modeling and can submit and then visualise results inline.

ℹ️
Keep in mind that your customers will still need to register with us and allow the connection between your service and their account on our side, then provide billing details.

Usage

⚠️
It’s not possible to autonomously create a client and submit it for approval yet, so if you are interested, please get in touch with us. We’re working to add this feature soon.

When a client accesses the API, it does so on behalf of an existing user.
In order to do that, a classical OAuth 2.0 token request flow must be performed.

Please get yourself familiar with OAuth 2.0 before continuing.

Once you have performed the token request, you will get back an access_token and a refresh_token.

An access_token needs to be used in each HTTP call’s headers:

authorization: bearer ${access_token}

Access tokens are valid for 1 hour, while refresh tokens are valid for 30 days.

⚠️
Keep in mind that you have to deal with a pair of tokens for each user, so they must be stored on your side. It is your responsibility to periodically refresh access tokens so that the integration would keep working. When even a refresh token expires, you are forced to redirect the user through the OAuth 2.0 flow on our side.

Example 

export ACCESS_TOKEN="..."

curl \
  -H "authorization: bearer ${ACCESS_TOKEN}" \
  https://api.nablaflow.io/archiwind/users/self