ApiGoat Api uses JWT. You need to get a JWT token and pass it along with all requests.
POST https://x.apigoat.com/p/YOUR-PROJECT-NAME/api/v1/Authy/auth HTTP/1.1
Content-type: application/json
Accept: application/json
{
"u": "username",
"pw": "md5-hash-of-the-password"
}This will return a token in the body:
{
"token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODI3NjM2NzEsImV4cCI6MTU4Mjc3MDg3MSwianRpIjoiMktmT1UzVzdtNFFxbnJRc2prcGgzaCIsInN1YiI6bnVsbCwic2NvcGUiOltdLCJ1c2VybmFtZSI6InN5c2FkbWluIiwiYXV0aHlJZCI6MSwiZ3JvdXAiOiJBZG1pbiIsImlzUm9vdCI6IlllcyJ9.m8UDMrQqtDf2fAA8-niVIw-35b2dg_WJYLleGSYk4wk",
"expires": 1582770871
}The token part will be used in every following request, in the HTTP ‘Authorization: BEARER ‘ header property:
GET https://x.apigoat.com/p/YOUR-PROJECT-NAME/api/v1/Authy HTTP/1.1 Content-type: application/json Accept: application/json Authorization: BEARER eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpYXQiOjE1ODI3NjA5NTYsImV4cCI6MTU4Mjc2ODE1NiwianRpIjoiN2RzaEFGcnV4Z1dCOWlyMmJTUVRBbiIsInN1YiI6bnVsbCwic2NvcGUiOltdLCJ1c2VybmFtZSI6InN5c2FkbWluIiwiYXV0aHlJZCI6MSwiZ3JvdXAiOiJBZG1pbiIsImlzUm9vdCI6IlllcyJ9.rvKKmCCf6RWSb7nSfMHNo_9NimSX9aFyf0UI-HjzKfQ