API Authentication
  • 07 Aug 2024
  • Dark
    Light
  • PDF

API Authentication

  • Dark
    Light
  • PDF

Article summary

Overview

Authentication is the process used to securely access Dataloop platform APIs. API keys facilitate this secure authentication and access to the Dataloop platform APIs.


API Keys

API keys, based on JSON Web Tokens, allow developers to access Dataloop for script execution and automation without traditional login requirements. These keys provide direct access to the platform, streamlining the process by bypassing the need for logging in.

Note

Keys are only visible to users with a Developer role or higher.

My API Key

This API key is associated with a specific platform user and inherits the access rights of that user. It will have the same permissions as the user who created it.

Note

Only the person who created the key has access to them.


Permissions and Limitations

  • A user can have a maximum of 10 keys
  • A project can have a maximum of 10 keys
  • A user with Developer role in a project can
    • Create Keys
    • Revoke their own keys
    • List All keys in the project
  • A user with Owner role in a project can Revoke any key in the project.
  • API Keys expiration lasts 1 year.
Note

Keys remain valid until they expire or are revoked.


Accessing API Keys

Use the Dashboard page to access your API keys.

Generate a New API Key

Copy API Key

The generated API key(s) will be available to copy only once. Please Copy and securely store them before closing the window.

To generate a key, see the Manage API Keys article.


Connect to Platform APIs

In addition to API Keys, there are three ways to connect Platform API.

  1. SDK M2M Login: Long-running SDK jobs require API authentication. M2M Login is recommended when To run API commands directly from an external system to Dataloop.

  2. The Dataloop Swagger UI: It allows performing API requests, such as GET, POST, PUT, PATCH, and DELETE to different endpoints in the Dataloop backend services, such as projects, datasets, tasks, etc.
    To use the Swagger UI, ensure you are logged in from another tab. Authentication will be based on the logged-in user.

  3. External System: Connect Dataloop API environment from an external system which requires a JWT token. Use the JWT for every HTTP request to the platform with bearer authentication.
    This method is recommended, if you prefer to use Postman or Insomnia API platforms.


Attaining API Credentials

  • Use your email ID and password to log in to the system. Use the registered email ID and password to get a valid JWT, and ensure the user is in your domain, i.e. machine1@myCompany.com.
  • For each machine user you create, ensure you use the password (not with the Google account) to log in once into the Dataloop platform.
  • You can sign up with a Google email ID.

Working With JWT

Once your API Credentials are set, use them to obtain a JWT for the Dataloop platform. The Dataloop API uses Auth authentication scheme, where each HTTP request has JWT attached to it via the Authorization header.

Basic Flow

  • Initiate an HTTP request using API Credentials to receive a JWT.
  • As long as the JWT is not expired, you can add it as a Bearer authorization header.

Generating a JWT

The request schema is as follows:

POST https://gate.dataloop.ai/token?default
Content-Type: application/json
Body

{
    "username": "<user name>",
    "password": "<user password>",
    "type": "user_credentials"
}

An example using Postman follows:

Click Send and a response is displayed in the following format:

{
    "access_token": "...",
    "id_token": "...",
    "refresh_token": "...",
}

Use the id_token (JWT) from the response as your authorization JWT for future requests.

JWT Expiration

Once the JWT expires, request for a new JWT. Expiration period is 24 hours.
There are many tools and libraries to decode JWTs, for example, https://jwt.io/ allows interactive decoding.

A decoded JWT as follows:

{
  "name": "Name",
  "nickname": "Name",
  "picture": "https://example.com",
  "locale": "he",
  "updated_at": "2025-09-23T06:06:17.641Z",
  "email": "zaphod@dataloop.ai",
  "email_verified": true,
  "iss": "https://dataloop-development.auth0.com/",
  "sub": "google-oauth2|101916523885779176498",
  "aud": "I44w8",
  "iat": 1569218779,
  "exp": 1569283579,
}
Note:
  • To obtain the expiration date, decode the JWT. Also, extract the exp field to get your JWT for a lifetime.
  • Ensure you refresh your JWT before its expiry date.

API HTTP Request

The Dataloop API uses Auth authentication scheme, where each HTTP request has JWT attached to it via the Authorization header.

The following example uses JWT to make a request using Postman and obtain the details of a specific project.

  1. The GET request URL is https://gate.dataloop.ai/api/v1/projects/{id}.
  2. For authentication, select the Bearer Token and enter the Token that obtained.
  3. Select the Get method.
  4. Press Send.