User Access Tokens ​

In some situations, direct access to the Argonaut API can be desirable to facilitate integrations with external systems, or automations. For example, a script could be desired to automatically sync material from an external system into Argonaut on an interval.

The User Access Token system in Argonaut allows users to generate Access Tokens for the Argonaut API, that follow the same granular permssion system already available to all Argonaut Users (Roles & ACLs).

1. To generate an Access Token, visit the User Settings page of the user that will be performing the actions, and select the Access Tokens section of the Authentication screen.

This section is only available to the currently logged in user for security reasons.

2. Selecting the + button will display a window to name, and optionally configure a subset of the user's available ACLs, to associate with the token to be generated.

3. Selecting the number of available ACLs in the bottom left corner will display a pre-filled list of all the ACLs available to the user account that is generating the token. It's recommended to narrow down the selected ACLs to only those that are required for the token to function properly.

4. Typing in the Filter ACLs text field will narrow the list from all available, to only those ACLs that match the entered text. For example, typing material_attribute will only display the ACLs available to access the Material Attributes.

5. Clicking GENERATE will display the newly generated token in a text field, which can be copied manually, or by using the clipboard button to the right of the generated token.

Once the token is made available, it can be included it in the headers of HTTP requests to authenticate and access Argonaut API endpoints securely (see the examples below for more).

6. To delete a token which will revoke access to the Argonaut API for any service using that token, the option to delete a token is available from the list of available tokens.

A confirmation dialog will be presented to confirm the action.

7. Selecting the view button in the Actions column will display the ACLs that were assigned when the token was generated

Note: It is not possible to edit ACLs configured for an existing token and is only for display purposes

Examples ​

Using Postman the HTTP client, the endpoint should be configured to the URL endpoint of the Argonaut host, followed by /hasura/v1/graphql. The token generated above, should go in the value for the Authorization header, prefixed with the text Bearer (note the space after Bearer and before the token value).

Making the query with a valid GraphQL query will result in something like the following:

query GetAllLocations {
  argo_location {
    id
    name
    location_class {
      name
    }
  }
}

Using the cURL command-line tool to get all the configured Argonaut Locations:

Replace $TOKEN with the generated token value, or set the variable $TOKEN to the generated token value

curl \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{ "operationName": "GetAllLocations", "variables": {}, "query": "query GetAllLocations { argo_location { id name location_class { name } } }" }' \
  -X POST \
  "https://$ARGONAUT_HOST/hasura/v1/graphql"

The above query is of type query, the following is of type mutation that will create a new piece of material

curl \
  -H 'Content-Type: application/json' \
  -H "Authorization: Bearer $TOKEN" \
  -d '{ "operationName": "CreateNewMaterial", "variables": { "material": { "material_data": { "materialModelId": "71b6403c-e562-11ee-92f9-7a87a88705d2", "serialNumber": "UAT_TEST000001" } } }, "query": "mutation CreateNewMaterial($material: argo_create_material_args!) { materialInsertMutation: argo_create_material(args: $material) { id serial_number } }" }' \
  -X POST \
  "https://$ARGONAUT_HOST/hasura/v1/graphql"