Skip to main content
POST
/
digester
/
{session_id}
/
auth
Extract Authentication
curl --request POST \
  --url https://api.example.com/digester/{session_id}/auth
{
  "jobId": "<string>",
  "status": "<string>",
  "result": {
    "result.auth": [
      {
        "result.auth[].name": "<string>",
        "result.auth[].type": "<string>",
        "result.auth[].quirks": "<string>"
      }
    ]
  },
  "status_code": 123,
  "detail": "<string>"
}
Extract authentication information from API documentation. Identifies authentication mechanisms such as Basic Auth, Bearer tokens, OAuth2, API Keys, and other security schemes.

Request

session_id
string
required
Session ID (UUID format)
use_previous_session_data
boolean
default:"true"
Whether to use previous session data if available

Response

Returns a job ID to poll for results.
jobId
string
Job ID (UUID) to track extraction progress

Example Request

curl -X POST "https://api.example.com/digester/550e8400-e29b-41d4-a716-446655440000/auth" \
  -H "Authorization: Bearer YOUR_TOKEN"

Example Response

{
  "jobId": "123e4567-e89b-12d3-a456-426614174000"
}

Get Authentication Status

Get the status and results of the authentication extraction job.

Request

session_id
string
required
Session ID (UUID format)
jobId
string
Job ID (optional, will use session’s job if not provided)

Response

status
string
Job status: pending, running, finished, or failed
result
object
Extraction results (available when status is finished)
result.auth
array
List of authentication methods supported by the API
result.auth[].name
string
Full name of the authentication method as written in the documentation (preserves original casing, e.g., “BasicAuth”, “Bearer token”, “OAuth 2.0”)
result.auth[].type
string
Normalized auth type: basic, bearer, session, oauth2, apiKey, mtls, or closest descriptive string
result.auth[].quirks
string
Short notes about special behavior or non-standard aspects (e.g., custom headers, required scopes, token prefix)

Example Request

curl -X GET "https://api.example.com/digester/550e8400-e29b-41d4-a716-446655440000/auth?jobId=123e4567-e89b-12d3-a456-426614174000" \
  -H "Authorization: Bearer YOUR_TOKEN"

Example Response

{
  "status": "finished",
  "result": {
    "auth": [
      {
        "name": "Bearer Token",
        "type": "bearer",
        "quirks": "Requires 'Bearer' prefix in Authorization header"
      },
      {
        "name": "Basic Authentication",
        "type": "basic",
        "quirks": "Username and password encoded in Base64"
      },
      {
        "name": "OAuth 2.0",
        "type": "oauth2",
        "quirks": "Supports authorization_code and client_credentials flows. Requires 'read:users' and 'write:users' scopes"
      },
      {
        "name": "API Key",
        "type": "apiKey",
        "quirks": "Pass API key in 'X-API-Key' header"
      }
    ]
  }
}

Common Authentication Types

The extraction identifies various authentication mechanisms:

Basic Authentication

Username and password authentication using the HTTP Basic scheme. 
{
  "name": "Basic Auth",
  "type": "basic",
  "quirks": "Credentials must be Base64 encoded"
}

Bearer Token / JWT

Token-based authentication using the Bearer scheme. 
{
  "name": "Bearer JWT",
  "type": "bearer",
  "quirks": "JWT token with exp claim, pass in Authorization: Bearer {token}"
}

OAuth 2.0

OAuth 2.0 authentication with various grant types. 
{
  "name": "OAuth 2.0",
  "type": "oauth2",
  "quirks": "Supports authorization_code, client_credentials, and refresh_token flows. Token endpoint: /oauth/token"
}

API Key

API key authentication in headers or query parameters. 
{
  "name": "API Key",
  "type": "apiKey",
  "quirks": "Key must be passed in X-API-Key header or api_key query parameter"
}
Session-based authentication using cookies. 
{
  "name": "Session Cookie",
  "type": "session",
  "quirks": "JSESSIONID cookie set after login, expires after 30 minutes of inactivity"
}

Mutual TLS (mTLS)

Certificate-based authentication. 
{
  "name": "Client Certificate",
  "type": "mtls",
  "quirks": "Requires valid client certificate signed by trusted CA"
}

Authentication Quirks

The quirks field captures important implementation details:
  • Custom header names (e.g., “Use X-Auth-Token instead of Authorization”)
  • Token prefixes (e.g., “Must use ‘Token’ prefix, not ‘Bearer’”)
  • Required scopes or permissions (e.g., “Requires admin:write scope”)
  • Token expiration details (e.g., “Tokens expire after 1 hour”)
  • Special authentication flows (e.g., “Must call /auth/challenge first”)
  • Realm or domain requirements (e.g., “Must specify realm in WWW-Authenticate”)

Error Responses

status_code
number
HTTP status code
detail
string
Error message

Common Errors

404 Not Found - Session not found 
{
  "detail": "Session not found: 550e8400-e29b-41d4-a716-446655440000"
}

Build docs developers (and LLMs) love

Get started for freeTalk to us