HumHub - Auth API (1.0.0)


E-mail: info@humhub.com License: AGPLv2

Welcome to the HumHub auth module API reference. The HumHub REST API supports the following authentication methods:

1. HTTP Basic Authentication

Uses standard HTTP Basic Authentication, which requires a username and password for each API request. Include both in the Authorization header of every request.

Example:

curl -X GET "https://yourhost/api/v1/auth/current" -H "Authorization: Basic $(echo -n 'username@example.com:password' | base64)"

Configuration:

  • Enabled for All Registered Users: When enabled, all registered users can use Basic Authentication.
  • User Selection Dropdown: Allows specifying individual users for whom this method is enabled.

2. JWT Authentication

Uses JSON Web Tokens (JWT) for authentication. Users authenticate via a login endpoint to obtain a JWT token, which is then used in subsequent requests. The auth_token has an expiration time (expired_at). You must obtain a new token after it expires.

Login Process (endpoint: POST /auth/login):

  • Request:
    {
      "username": "username@example.com",
      "password": "password"
    }
    
  • Response:
    {
      "code": 200,
      "message": "Authentication successful",
      "auth_token": "eyJ0eXAiOiJKV1QiLC....tE_7_rLSX3vA",
      "expired_at": "2025-04-23T12:00:00Z"
    }
    
    Include the obtained auth_token in the Authorization header as Bearer {auth_token} in subsequent requests.

Example:

  • Obtain JWT Token:
    curl -X POST "https://yourhost/api/v1/auth/login" -H "Content-Type: application/json" -d '{"username":"username@example.com","password":"password"}'
    
  • Use JWT Token:
    curl -X GET "https://yourhost/api/v1/auth/current" -H "Authorization: Bearer your-auth-token"
    

Configuration:

  • Enabled for All Registered Users: When enabled, all registered users can use JWT Authentication.
  • User Selection Dropdown: Allows specifying individual users for whom this method is enabled.
  • JWT Key: A secret key used to encrypt the JWT token, configured in the JWT Auth settings.

3. Bearer Authentication

Uses predefined bearer tokens created for each user in the HumHub Bearer Authentication settings. Include the bearer token in the Authorization header as Bearer {your-bearer-token} for each request.

Example:

  curl -X GET "https://yourhost/api/v1/auth/current" -H "Authorization: Bearer your-bearer-token"

Configuration:

  • Tokens must be generated in the Bearer Auth settings for specific users.

4. Query Param Bearer Authentication

Uses the same bearer tokens created in the Bearer Auth settings but passes them as a query parameter instead of a header. Append the bearer token as a query parameter access-token={your-bearer-token} to the request URL.

Example:

curl -X GET "https://yourhost/api/v1/auth/current?access-token=your-bearer-token"

Configuration:

  • Tokens are the same as those generated for Bearer Auth.

Notes

  • Replace https://yourhost with the actual base URL of your HumHub instance.
  • Ensure that the appropriate authentication method is enabled and configured in the HumHub admin panel before making API requests.
  • Securely store and handle authentication credentials and tokens to prevent unauthorized access.

Authentication

Log in to the application

Request Body schema: application/json

Credentials for logging in to the app

username
required
string

Your username or email address

password
required
string

Responses

Request samples

Content type
application/json
{
  "username": "username@example.com",
  "password": "password"
}

Response samples

Content type
{
  "code": 200,
  "message": "string",
  "auth_token": "eyJ0eXAiOiJKV1QiLC .... tE_7_rLSX3vA",
  "expired_at": "string"
}

User

Get current user

Responses

Response samples

Content type
application/json
{
  "id": 14,
  "guid": "cd081891-d2e2-40d5-84a4-b47309e71c80",
  "display_name": "John Doe",
  "account": { },
  "profile": { }
}

Impersonate user

Request Body schema: application/json

ID of the user to impersonate

userId
required
integer

ID of the user to impersonate

Responses

Request samples

Content type
application/json
{
  "userId": 1
}

Response samples

Content type
application/json
{
  "token": "impersonated-YvyEVcbzCvg0wLjb9yXylj1bkbotlCwkKjNKTZD9xMO86o1G-V9p-wklm5pUdXhdkSGj5dk-l",
  "expires": 1681671865
}
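
The login response reports expiry as an ISO 8601 string (expired_at), while the impersonate response uses Unix epoch seconds (expires). The following is an added client-side example, not HumHub code: it normalizes both shapes and refuses to build an Authorization header for a token that has expired. SKEW, redact, the function names, the sample values and the handling of a non-200 code field are assumptions made for illustration.

```python
from __future__ import annotations
from datetime import datetime, timedelta, timezone

SKEW = timedelta(seconds=30)  # assumed margin for clock drift, not a HumHub setting

# Constructed samples in the two response shapes shown on this page.
LOGIN = {"code": 200, "message": "Authentication successful",
         "auth_token": "constructed.jwt.value", "expired_at": "2025-04-23T12:00:00Z"}
IMPERSONATE = {"token": "impersonated-constructed", "expires": 1681671865}

def parse_token(response: dict) -> tuple[str, datetime]:
    """Return (token, expiry as aware UTC datetime) for a login response
    (auth_token / expired_at, ISO 8601) or an impersonate response
    (token / expires, Unix epoch seconds)."""
    if response.get("code", 200) != 200:  # assumption: failures carry a non-200 code
        raise ValueError(f"request failed: {response.get('message')}")
    if "auth_token" in response:
        expiry = datetime.fromisoformat(response["expired_at"].replace("Z", "+00:00"))
        if expiry.tzinfo is None:  # assumption: a zone-less timestamp means UTC
            expiry = expiry.replace(tzinfo=timezone.utc)
        return response["auth_token"], expiry.astimezone(timezone.utc)
    if "token" in response:
        expiry = datetime.fromtimestamp(int(response["expires"]), tz=timezone.utc)
        return response["token"], expiry
    raise ValueError("response carries no token")

def bearer_header(response: dict, now: datetime | None = None) -> dict | None:
    """Build the Authorization header, or return None when the token is
    expired (or within SKEW of expiring) and a new one must be obtained."""
    token, expiry = parse_token(response)
    now = now or datetime.now(timezone.utc)
    if now >= expiry - SKEW:
        return None
    return {"Authorization": f"Bearer {token}"}

def redact(token: str) -> str:
    """Shortened form of a token for log lines, so the full value is never written."""
    return token[:6] + "..." if len(token) > 6 else "..."

if __name__ == "__main__":
    for name, sample in (("login", LOGIN), ("impersonate", IMPERSONATE)):
        token, expiry = parse_token(sample)
        usable = bearer_header(sample) is not None
        print(f"{name}: token={redact(token)} expires={expiry.isoformat()} usable={usable}")
```

A return value of None from bearer_header is the signal to call POST /auth/login again before sending the request.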