TigerGraph's RESTful APIs communicate with either the REST++ server on port 9000 or the GSQL server on port 14240. Each server uses different methods of authentication.
REST++ Server Requests
By default, TigerGraph REST++ endpoints are public: anyone with access to the HTTP ports of the TigerGraph server can run your endpoints. When REST++ authentication is enabled, then a valid authorization token must be included in the header.
The REST++ server implements OAuth 2.0-style authorization as follows:
An authorization token can then be used to perform TigerGraph database operations via other REST endpoints. Each token will expire after a certain period of time. The TigerGraph default lifetime for a token is 1 month.
Once REST++ authentication is enabled, a valid token should always be included in the HTTP header. If you are using curl to format and submit your REST++ requests, then use the following syntax:
curl GSQL request, with authorization token in header
curl -X GET -H "Authorization: Bearer <token>"'<request_URL>'
Here is a sample request:
curl -X GET -H "Authorization: Bearer 01234567abcdefgh01234567abcdefgh""http://localhost:9000/graph/socialNet/vertices/User?limit=3"
GSQL Server Requests
All requests made to the GSQL Server must be accompanied by your user credentials. You can use the curl -u option to pass in the username and password of the TigerGraph user:
curl -X GET -u <username>:<password> "http://localhost:14240/<path_to_endpoint>
To keep your credentials more secure, one way to avoid having the user name and password on the command line is to instead use a .netrc file or a config file. If you are in interactive mode, you can also use the -u option without specifying the password, and then curl will prompt for the password.