This documentation provides an overview of the various means of authentication and authorization for the User API and Predict API. It explains how user accounts, access credentials, JWT sessions, and API keys can be used to secure access to resources and machine learning models within the User API
Authentication and Authorization Guide
The User API and Predict API are two distinct APIs that serve different purposes and employ different authentication models.
The User API allows users to manage user accounts, access credentials, JWT sessions, API keys, and even their own machine learning (ML) models. Users can create accounts, generate access credentials for secure API requests, create and manage API keys, and establish temporary JWT sessions for browser-based and untrusted environment interactions. Additionally, users can manage their ML models through the User API, which are then queriable via the Predict API.
On the other hand, the Predict API is focused on providing access to user's ML models. It uses API keys for authentication and authorization when accessing these models. API keys are required for private models and optional for public models. Users can create API keys through the User API and use them to authenticate requests to the Predict API's endpoints, granting access to specific ML models.
In summary, the User API facilitates user account management, access credentials, JWT sessions, API key generation, and also provides the ability to manage ML models. The Predict API focuses on accessing and executing user's ML models through the use of API keys.
User API Authentication and Authorization
User Accounts
The User API allows users to create accounts for secure access and management of their resources. The following endpoint is available:
Create a new user
This endpoint allows you to create a new user to access Neurodeploy API.
Request
curl --location --request POST 'https://user-api.neurodeploy.com/users' \
--header 'username: john22' \
--header 'password: password' \
--header 'email': 'john22@gmail.com'
Successful response
{
"username": "john22",
"jwt": {
"token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJ1c2VybmFtZSI6ImxvdXN5ZHJvcG91dDIiLCJleHAiOjE2ODUwMzUzMjd9.QcJcuxvaQ-Uw796dCIPWIyKhtXDzpV3ESF0tTROKemU",
"expiration": "2023-05-25T17:22:07.266576"
}
}
Errors
{
"error_message": "The username \"john22\" already exists."
}
Please don't commit your Neurodeploy password to GitHub!
Access Credentials
Authenticated users can generate access credentials (access-key and secret-key pairs) to authenticate API requests made by their software or SDK. These credentials are useful for convenient and secure authentication. The following endpoints are available:
Create a new set of access credentials
POST- This endpoint allows you to create a new set of access credentials for the authenticated user
Request
curl --location --request POST 'https://user-api.neurodeploy.com/credentials' \
--header 'Authorization: Bearer BEARER_TOKEN'
Response
{
"token": "BEARER_TOKEN",
"expiration": "2023-05-13T11:06:44.715587"
}
Errors
{
"error_message": "The username \"john22\" already exists."
}
Retrieve a new set of access credentials
GET- This endpoint allows you to retrieve the list of access credentials for the authenticated user
Request
curl --location --request GET 'https://user-api.neurodeploy.com/credentials' \
--header 'Authorization: Bearer BEARER_TOKEN'
Response
{
"token": "BEARER_TOKEN",
"expiration": "2023-05-13T11:06:44.715587"
}
Errors
{
"error_message": "The username \"john22\" already exists."
}
Retrieve information about a specific access credential for the authenticated user
GET /credentials/{credential_id}- This endpoint allows you to retrieve information about a specific access credential for the authenticated user
Request
curl --location --request GET 'https://user-api.neurodeploy.com/credentials' \
--header 'Authorization: Bearer BEARER_TOKEN'
Response
{
"token": "BEARER_TOKEN",
"expiration": "2023-05-13T11:06:44.715587"
}
Errors
{
"error_message": "The username \"john22\" already exists."
}
Delete a specific access credential for the authenticated user
DELETE /credentials/{credential_id}- This endpoint allows you to Delete a specific access credential for the authenticated user
Request
curl --location --request GET 'https://user-api.neurodeploy.com/credentials/{credential_id}' \
--header 'Authorization: Bearer BEARER_TOKEN'
Response
{
"token": "BEARER_TOKEN",
"expiration": "2023-05-13T11:06:44.715587"
}
Errors
{
"error_message": "The username \"john22\" already exists."
}
JWT Sessions
The User API supports user sessions using JSON Web Tokens (JWT). These tokens provide temporary authentication and authorization for requests made through the console website or untrusted environments like Google Colab. The following endpoint is available:
Create a specific access credential for the authenticated user
POST /sessions- This endpoint allows you to create a new user session and retrieve a session token (JWT)
Request
curl --location --request GET 'https://user-api.neurodeploy.com/credentials/{credential_id}' \
--header 'Authorization: Bearer BEARER_TOKEN'
Response
{
"token": "BEARER_TOKEN",
"expiration": "2023-05-13T11:06:44.715587"
}
Errors
{
"error_message": "The username \"john22\" doesn't exists."
}
API Keys
API keys can be created through the User API to authenticate requests made to the Predict API's /{user}/{model} endpoint. These keys provide authorization to access specific machine learning models. The following endpoints are available:
Create a new API key for the authenticated user
POST /api-keys- This endpoint allows you to create a new API key for the authenticated user
Request
curl --location --request POST 'https://user-api.playingwithml.com/api-keys?model_name=abc&description=null&expires_after=null' \
--header 'Authorization: Bearer BEARER_TOKEN'
Successful response
{
"api-key": "b1ce68d1-fbc2-4ee4-8dcd-c511bfeea9a3"
}
Errors
{
"error_message": "The username \"abc\" already exists."
}
Retrieve a list of all API keys for the authenticated user
GET /api-keys- This endpoint allows you to retrieve a list of all API keys for the authenticated user
Request
curl --location 'https://user-api.playingwithml.com/api-keys?model_name=abc' \
--header 'Authorization: Bearer BEARER_TOKEN'
Successful response
{
"api-key": "b1ce68d1-fbc2-4ee4-8dcd-c511bfeea9a3"
}
Errors
{
"error_message": "The username \"abc\" already exists."
}
/api-keys/{api_key}DELETE- Delete API key with the specified API Key
Predict API Authentication and Authorization
The Predict API uses API keys for authentication and authorization when accessing a user's machine learning models. API keys created through the User API are used for authentication purposes when making requests to the /{user}/{model} endpoint on the Predict API. The following endpoint is available:
Create a specific access credential for the authenticated user
POST /{user}/{model}- This endpoint allows you to auth and execute a given user's ML model using the request body as the input
Request
curl --location 'https://api.playingwithml.com/john22/abc' \
--header 'api-key: null' \
--header 'Content-Type: application/json' \
--data '{
"payload": [[1, 2, 3, 4, 5]]
}'
Response
{
"output": [
[
9.991751670837402
]
]
}
Errors
{
"error_message": "The username \"john22\" doesn't exists."
}
Using an SDK
If you use one of our official SDKs, you won't have to worry about any of the above — fetch your access keys from the Neurodeploy dashboard under credentials, and the client library will take care of the rest. All the client libraries use OAuth2 behind the scenes.