1. REST APIs for Global Pathogen Analysis ServiceREST APIs for Global Pathogen Analysis Service
  2. Authenticate

Authenticate

You must have a preexisting account (username and password) to access Global Pathogen Analysis Service (GPAS) and permission to use the REST API. To request access to the REST API, contact your GPAS administrator.

GPAS uses authentication tokens to allow users to execute API requests. To obtain an access token from the GPAS User Portal, complete the following steps:

  1. Sign in to the GPAS User Portal.
  2. On the top-left corner, click the Menu icon and select Upload.

    The Upload page opens.

  3. Click Get API Token.

    This downloads a .json file to your machine, which contains the information shown in the following example:

    {
    "access_token": "<access_token_string>",
    "token_type": "Bearer",
    "expires_in": <integer>,
    "refresh_token": "<refresh_token_string>",
    "client_id": "<client_id_string>",
    "client_secret": "<client_secret_string>"
}

    Where:

    • <access_token_string> is the access token, in alphanumeric format.
    • <integer> is the value of when the token expires, in numeric format.
    • <refresh_token_string> is the refresh access token, in alphanumeric format.
    • <client_id_string> is the Client ID, in alphanumeric format.
    • <client_secret_string> is the Client Secret, in alphanumeric format.

    Note:

    • The expires_in value may vary, based on when you signed in to the GPAS User Portal, but the maximum value is 28,000, or eight hours.
    • You can use the refresh token provided in the .json file to generate a new token. To do this, you need to be provided with a Client ID and Secret.
  4. To use your refresh token, issue the following cURL command:
    curl -i -H 'Authorization: Basic <base64 encoded client_id:client_secret>'  \
    -H 'Content-Type: application/x-www-form-urlencoded;charset=UTF-8' \
    --request POST <idcs_token_url> \
    -d 'grant_type=refresh_token&refresh_token=<refresh_token>&scope=<base_url>'

    Where:

    • <base64 encoded client_id:client_secret> is your Client ID and Secret.
    • <idcs_token_url> is the URL for the IDCS token.
    • <base_url> is the base URL path for GPAS.

The new file will have a fresh access_token, which is valid for 24 hours, and a new refresh_token. Each refresh token can only be used once. You can repeat the refresh process for up to one week, at which time you must download a new token from the GPAS User Portal.