Support Center

REST-based Authentication and Authorization API

If your organization was created after Tuesday, April 11 2017, this endpoint is not available to test Tag membership. Basic authentication tests will still work as documented.

REST-based Authentication and Authorization API 

JumpCloud offers three primary authentication methods, via:
  1. Local user accounts, managed by the JumpCloud Agent
  2. JumpCloud's Hosted LDAP Service
  3. JumpCloud's REST-based authentication API
This article explains how to use #3, JumpCloud's REST-based authentication API. The API format is simple and straightforward, a request looks like the following:
curl -X 'POST' \
     -H "x-api-key: <jumpCloudAPIKey>" \
     -H "Content-Type: application/json" \
     -d '{"username":"<userName>","password":"<password>","tag":"<tagToCheck>"}' \
The REST-based authentication API authenticates users from the JumpCloud "Users" object only, not JumpCloud Administrators.

Two types of requests are allowed:
  1. Username and Password with blank or omitted tag - Performs authentication only, and checks to see if the user exists in your JumpCloud directory with the given user name and password (this is similar to doing a raw bind to the JumpCloud Hosted LDAP Service).
  2. Username and Password with populated tag - Performs both authentication and authorization for the user, by allowing to you check to see if the user is part of a tag in your account. Tags are akin to "roles", so membership in a tag can be considered to provide additional access. This is similar to binding to JumpCloud's Hosted LDAP Service as an LDAP Binding User and looking at the memberOf field on the particular user to see of which groups the user is part.
JumpCloud returns a 401 error if the user does not authenticate (or is not authorized in the specified tag), and a 200 otherwise. This allows you to integrate with web servers such as Nginx, Apache, or Node.js by adding a new authentication module that will execute that request and use the response appropriately.

Last Updated: Aug 01, 2017 04:47PM MDT

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found