Links

Getting Started

Authentication

PlexTrac uses JWT tokens to manage authentication for all API endpoints. This token is sent as an Authorization header to all endpoints and validates the user has permission to access the requested action.
These tokens are granted to users in a PlexTrac instance and contain the user's permissions. This means the user will have the same permissions regardless of interacting with the Plextrac platform or manually making an API request.
The tokens expire after 15 minutes, and the user will need refresh or re-authenticate to get a new valid token.

Generate Access Token

This method is used to generate a JWT token when the user's Authentication Provider is set to Plextrac and user does NOT have MFA enabled.
POST Authentication is the basic auth endpoint and returns the following after successfully verifying the given username and password for a user without MFA:
The value in the token field is the JWT token to be sent in the Authorization header to all other endpoints.

Generate Access Token (MFA)

This method is used to generate a JWT token when the user's Authentication Provider is set to Plextrac and user DOES have MFA enabled.
When the user has MFA enabled, they will need to use two endpoints to generate a JWT token. First, call the POST Authentication endpoint. The response will contain the code field if the user has MFA enable. The value relates to the Authenticator set up by the user and the six-digit rotating code associated to their login.
Next, call the POST Multi-Factor Authentication endpoint with the code returned from the last request and the current six-digit code from your Authenticator in the payload.
{
"code": "<code value from previous request>",
"token": "<6-digit authenticator code>"
}
This will return the following after successfully verifying the given MFA data for a user:
The value in the token field is the JWT token to be sent in the Authorization header to all other endpoints.

Sending the Authorization Header with Requests

Once generated, the JWT token is sent as an Authorization Header with all other endpoints. Using the requests module in Python, an example call would be the following:
Using cURL on the command line, a request example would be the following:

Sending a JSON body

Some endpoints require a JSON payload. When sending a request in Postman, it automatically detects when the raw JSON body option is selected and adds the header Content-Type: application/json to the request. This adds the payload to the HTTP request's json field.
When sending requests via other means, confirm that the payload is being sent in the request's json field. Without the Content-Type: application/json header, the payload might be stored in the data or form field and cause the request to fail, since the json field where the data is expected is null.

cURL

Add the Content-Type: application/json header to tell the request the --data-raw data is a JSON and should be stored in the request's json field.

Python

With the Python requests module, add the JSON payload to the json parameter when making a request and the requests module will automatically send the Content-Type: application/json header with the request.
© 2022 PlexTrac, Inc. All rights reserved.