TigerGraph’s RESTful APIs communicate with either the REST++ server on port 9000 or the GSQL server on port 14240. Each server uses different methods of authentication.
TigerGraph REST++ endpoints are public by default: anyone with access to the HTTP ports of the TigerGraph server can run your endpoints. When REST++ authentication is enabled, a valid authorization token must be included in the header of every request.
The REST++ server implements OAuth 2.0-style authorization as follows:
Each user can create one or more secrets (unique pseudorandom strings). Each secret is associated with a particular user and the user’s privileges for a particular graph.
Anyone who has this secret can invoke a special REST endpoint to generate authorization tokens (other pseudorandom strings).
An authorization token can then be used to perform TigerGraph database operations via other REST endpoints. Each token will expire after a certain period of time. The TigerGraph default lifetime for a token is 1 month.
Once REST++ authentication is enabled, a valid token should always be included in the HTTP header. If you are using curl to format and submit your REST++ requests, then use the following syntax:
curl -X GET -H "Authorization: Bearer <token>" '<request_URL>'
Here is a sample request:
curl -X GET -H "Authorization: Bearer 01234567abcdefgh01234567abcdefgh" "http://localhost:9000/graph/socialNet/vertices/User?limit=3"
All requests made to the GSQL Server must be accompanied by your user credentials. You can use the curl -u option to pass in the username and password of the TigerGraph user:
curl -X GET -u <username>:<password> "http://localhost:14240/<path_to_endpoint>"
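Typing the token or `-u <username>:<password>` directly on the command line leaves the credential in shell history and in the local process list. The following added example (not part of the TigerGraph documentation) passes the same Bearer header and user credentials to curl through a mode-0600 config file instead; the function names and the TG_TOKEN, TG_USER and TG_PASSWORD environment variables are assumptions.

```shell
#!/bin/sh
# Added example: keep TigerGraph credentials out of argv and shell history.
# TG_TOKEN, TG_USER, TG_PASSWORD and all function names are assumptions.

# Escape backslashes and double quotes, which curl interprets inside a
# quoted config-file value.
tg_escape() {
    printf '%s' "$1" | sed 's/[\\"]/\\&/g'
}

# Write a curl config file holding the auth material for one server and
# print its path. mktemp creates the file with mode 0600.
#   $1 = restpp -> "Authorization: Bearer <token>" header (port 9000)
#   $1 = gsql   -> user:password, equivalent to curl -u (port 14240)
tg_auth_config() {
    case "$1" in
        restpp)
            [ -n "$TG_TOKEN" ] || return 2
            cfg=$(mktemp) || return 1
            printf 'header = "Authorization: Bearer %s"\n' \
                "$(tg_escape "$TG_TOKEN")" > "$cfg" ;;
        gsql)
            [ -n "$TG_USER" ] && [ -n "$TG_PASSWORD" ] || return 2
            cfg=$(mktemp) || return 1
            printf 'user = "%s:%s"\n' \
                "$(tg_escape "$TG_USER")" "$(tg_escape "$TG_PASSWORD")" > "$cfg" ;;
        *)
            return 2 ;;
    esac
    printf '%s\n' "$cfg"
}

# GET a URL with the credential read from the config file (-K), then
# remove the file.  $1 = restpp|gsql, $2 = request URL
tg_get() {
    cfg=$(tg_auth_config "$1") || return $?
    curl --silent --show-error -X GET -K "$cfg" "$2"
    rc=$?
    rm -f "$cfg"
    return "$rc"
}
```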