DEV Community 👩‍💻👨‍💻

Alexey Timin for ReductStore

Posted on

New Reduct Storage v1.1.0 with Token API

Reduct Storage v1.1.0 comes with a new Token API to create tokens with different permissions. This allows you to give different users or applications access to specific data or storage functions. For example, you could create a token that gives full access to all data, or one that only allows writes to a certain bucket. The Token API is simple to use and gives you a lot of flexibility in how you use Reduct Storage.

How to create a token with Web Console

You can manage the API tokens even with CURL, but the storage engine has an embedded Web Console which makes it easier.

To enable the Token API and authorisation, you should set the RS_API_TOKEN environment variable with some initial token. For example, you can do it when you run the storage engine with Docker:

docker run   -p 8383:8383 -v ${PWD}/data:/data --env RS_API_TOKEN=token reductstorage/engine:v1.1.0
Enter fullscreen mode Exit fullscreen mode

The initial token has full access, so you can use it to create a new token to read data from a certain bucket. Open the Web Console in your browser and click on Security:

API token list

Then click on the + button to open a form for a new token:

Creating a new API token

Let's create a token with can only write into a bucket. In my example, the bucket is called data. Then you create the token you will see its hash. Copy it somewhere!

New API Token

Now we can use it to write something into the bucket:

export API_TOKEN=<COPIED-TOKEN>

curl -d "some_data" \
  -X POST \
  --header "Authorization: Bearer ${API_TOKEN}"   \
  -a http://127.0.0.1:8383/api/v1/b/my_data/entry_1?ts=10000

Enter fullscreen mode Exit fullscreen mode

It should work perfectly. However, if you try to read from the bucket you get an error:

curl --header "Authorization: Bearer ${API_TOKEN}"   \
  -a http://127.0.0.1:8383/api/v1/b/my_data/entry_1?ts=10000

{"detail":"Token doesn't have read access to bucket 'data'"}

Enter fullscreen mode Exit fullscreen mode

Now, you know how to keep you data in a secure way.

Top comments (0)

Here is a post you might want to check out:

Regex for lazy developers

regex for lazy devs

Sorry for the callout 😆