Debricked is an API first service, allowing for all actions inside the UI to be scripted. This allows you to integrate our service into your code, CI pipelines, and more.
All users with the admin role (or API access scope) have access to our open API. This is also the API used by Debricked CLI.
Important API Resources:
- Base URL for API: https://debricked.com/api
- Current version URL: https://debricked.com/api/1.0
- Open API reference/Sandbox
- Open API reference/Sandbox, JSON format
How do I authenticate?
The API uses JWT-tokens for authentication.
How do I generate JWT-tokens using the username and password?
In order to get a JWT-token you need to provide your username and password to: https://debricked.com/api/login_check
Using curl, the call would look like this:
curl https://debricked.com/api/login_check -d _username=YOUR_USERNAME -d _password=YOUR_PASSWORD
If successful, the response will contain your token:
Note: In case your username and/or password contains special characters, you need to url encode and surround it by quotes to ensure that it works as expected. See example:
curl https://debricked.com/api/login_check --data-urlencode 'firstname.lastname@example.org' --data-urlencode '_password=password&'
How do I generate JWT-tokens using a long-lived access token?
If you have added an access token, you can use it to get a short-lived JWT token by sending the access token to:
Using curl the call would look like this:
curl https://debricked.com/api/login_refresh -d refresh_token=YOUR_ACCESS_TOKEN
How do I use the tokens?
Keep in mind that the long lived access token, and the short-lived JWT-token are different tokens! You must always exchange your access token for a JWT-token to use the API.
The JWT-token has a lifetime of about an hour. If the JWT-token is invalid (e.g. if it has expired) a 401 status code will be returned. You should therefore implement a way of automatically getting a new token every time you receive a 401 status code from any API call.
When you have your token you need to pass it to the Authorization HTTP header with the value Bearer YOUR_VERY_LONG_TOKEN on each API call.
For example, using curl:
curl -H 'Authorization: Bearer YOUR_VERY_LONG_TOKEN' https://debricked.com/api/the_api_endpoint
API Rate limits
The following rate limits apply:
- No account: 100 requests per hour (only applies for the Open Source Select API)
- Free account: 500 requests per hour per code contributor (up to a maximum of 5000 requests per hour)
- Premium/Enterprise account: 5000 requests per hour per code contributor
If you require a higher rate limit, please contact our sales team.