API tokens

    This feature is in our roadmap (opens new window). This guide is a workaround to achieve this feature before we support it natively in strapi.

    The goal is to be able to request API endpoints with a query parameter that authenticates as a user. eg. /restaurants?token=my-secret-token.

    To achieve this feature in development, we will have to customize the users-permissions plugin. This guide will help you understand how to customize all your applications. You can read more about .

    • attribute named token

    Then add some users and create some token linked to these users.

    We now have to customize the function that verifies the token token. Strapi has an Authentication process that uses JWT tokens, we will reuse this function to customize the verification.

    Here is the functionAPI tokens - 图2 (opens new window) that manages the JWT validation.

    Then copy the original function that is on GitHub and paste it in your new file.

    When it’s done, the Strapi application will use this function instead of the core one. We are ready to customize it.

    You will have to update the first lines of this function.

    And tada! You can now create a token, link it to a user and use it in your URLs with token as query parameters.