Authentication Guide

Not every endpoint in the Fifth World API requires you to authenticate. The GET /pages endpoint, for example, effectively lets you search page titles, or return pages that have a particular type or tag. You can use this endpoint without authenticating and get back any public pages that match your criteria. If you authenticate, though, your query will also include any pages that you have access to with the account you authenticated with. Other endpoints, like the POST /pages endpoint used to create a new page, require you to authenticate.

The Fifth World API uses JSON Web Tokens (JWT) for authentication. You can get a JWT from the POST /members/auth endpoint. You can provide either your email and passphrase, or the code for an OAuth 2.0 provider and your token ID for use with that provider. If the API can authenticate the credentials that you supply, it sends back a JWT.

To use your JWT, attach it to your API requests in an Authorization header, as in this example:

Example Request

GET /v1/pages?type=Place&path=/africa HTTP/1.1
Host: api.thefifthworld.com
Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c

Your JWT will remain valid for 15 minutes, but at any point during that time you can make a request to the POST /members/reauth endpoint to get a new JWT, which will be valid for another 15 minutes.