Open API
Overview
Helmut4 follows an API-first approach, where the entire UI is built on our API. In instances where you wish to automate or integrate Helmut4 with other third-party systems, our open API proves invaluable, providing an extremely powerful set of functionalities.
API Documentation - Swagger UI
The link to our OpenAPI documentation can be accessed here

Authentication
There are several ways to communicate with the helmut4 API.
All options are listed below in an alphabetically list - choose the one which will meet you demands as it's best.
Basic Access Authentication
Basic Access Authentication, commonly known as Basic Auth, is a straightforward method used to authenticate clients when accessing an API. This method requires users to provide a username and password, which are combined into a single string and encoded using Base64 before being sent in the HTTP header. Here’s a deeper look at how it works and some important considerations:
Bearer Authentication
Bearer Authentication is a token-based security mechanism that protects API endpoints by requiring clients to present a valid token with each request. Here’s an expanded explanation of how it works and key considerations:
Options to retrieve a Bearer Token
There are several methods for obtaining a Bearer token from helmut4. Below are three common approaches:
Using Browser Developer Tools
Access the Developer Tools: Most modern browsers allow you to open the Developer Tools by pressing F12.
Monitor Network Traffic: Navigate to the Network tab. Then, either switch to another section of the application (e.g., the Projects tab) or reload the website.
Locate the Token: Multiple network requests will be listed. Look for entries that include an Authorization header. The Bearer token will be visible as part of these requests. You can inspect these entries to copy the token.

Using an Autologin File
Open the Autologin File: Locate an existing autologin file or create a new one if needed.
Decode the File Content: Copy the contents of the file and paste them into a Base64 decoder (for example, Base64Decode.org).
Extract the Token: The decoded output will include a JWT (JSON Web Token) that contains the Bearer token. Note: If you encounter
%20
in the decoded string, remember that it represents an encoded whitespace character. Replace it with an actual space if needed.

Using OAuth to Retrieve a Bearer Token
OAuth offers a secure and standardized way to obtain a Bearer token for each user. Similar to using an autologin file, an OAuth key/secret pair can be generated for every user, allowing dedicated access via the API.
OAuth Key/Secret Generation: Each user is assigned a unique OAuth key and secret. These credentials are used to authenticate against the helmut4 API.
Requesting the Bearer Token: To retrieve the Bearer token, you can make a POST request to the helmut4 OAuth endpoint. The endpoint processes the OAuth key/secret, and if the credentials are valid, returns a Bearer token specific to that user.

Last updated