Please help getting authorization token for API

I am trying to run an API that lists all transactions made by relayer. I have relayer and created API key for it.

In authentication part of the documentation page I found this example to authenticate API requests:


curl \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H "X-Api-Key: $KEY" \
  -H "Authorization: Bearer $TOKEN" \
    "$API_URL/$END_POINT"

While I do have the key (taken from relayer settings page), I do not know how to get $TOKEN to put into Authorization header in my API call.

Documentation says:

Defender APIs use short-lived JWT tokens for authentication, which can be negotiated via SRP protocol. We suggest using the Amazon Cognito User Pool SDK to negotiate the token.

but I'm not sure what that means and how to do it.

I'm using Postman to do API calls, so would appreciate if you explain me what to do to get the authorization. There is a way to have pre-request scripts.

Curl API request example that I'm using is:

curl -L -X GET 'http://api.defender.openzeppelin.com/' -H 'Accept: application/json' -H 'Content-Type: application/json' -H 'X-Api-Key: KEY_FROM_THE_DASHBOARD' -H 'Authorization: Bearer DONT_KNOW_WHAT_TO_PUT_HERE'

The response I'm getting:

{
    "message": "Authorization header requires 'Credential' parameter. Authorization header requires 'Signature' parameter. Authorization header requires 'SignedHeaders' parameter. Authorization header requires existence of either a 'X-Amz-Date' or a 'Date' header. Authorization=Bearer 123=321"
}

Would be good if someone could explain in steps how to get that token. Thanks in advance!

Hi @pdd ,

The easiest way to obtain the token is to use the defender-client JavaScript package but there are instructions for Python as well in the docs.

Cognito SDK is supported in other languages as well and that would be another option. Is there any reason why only Postman can be used? I've looked into negotiating the token directly via a HTTP endpoint and unfortunately it does not appear to be straightforward. However, if you can identify a mechanism to do so, the Defender-specific data should be available in the APIs Settings section.

We're using Postman here, so getting the token via API is preferred method. Of course we can run some additional scripts (Javascript) if needed, but would rather get it through a regular API call.

Do I understand it correctly that using this:
The Relayer API is at host api.defender.openzeppelin.com, and authentication is served by the user pool us-west-2_iLmIggsiy and client 1bpd19lcr33qvg5cr3oi79rdap. You will need to generate Relayer API keys to authenticate, which are created in each Relayer’s page.
authorization token can be retrieved using API? Could you please help me composing request?