API Reference

The platform provides a REST API for all operations. API documentation is available directly from the platform:

• Swagger UI -- Endpoint documentation with request/response schemas
• ReDoc -- Alternative API reference

Both are read-only references generated automatically from the API's OpenAPI specification and are always up to date with the running platform version.

Authentication

All API endpoints require authentication. To use the API:

1. Obtain an API key from a Jaxon platform administrator. The administrator creates a service account in Authentik and provides the API key (token).

2. Exchange the API key for an access token using OAuth 2.0 Client Credentials Grant:

   curl -X POST https://<host>/application/o/token/ \
     -H "Content-Type: application/x-www-form-urlencoded" \
     -d "grant_type=client_credentials" \
     -d "client_id=jaxon-client" \
     -d "username=<service-account-username>" \
     -d "password=<api-key>" \
     -d "scope=openid profile email"
   

   The response includes an access_token (JWT).

3. Decode the groups claim from the access token JWT. The groups claim contains the list of Authentik groups the service account belongs to. Select one of these groups to use as the active group context for API requests.

4. Include both headers on every API request:

   curl https://<host>/api/v1/projects \
     -H "Authorization: Bearer <access_token>" \
     -H "X-Jaxon-Active-Group: <group-name>"
   

Required Headers

Header	Required	Description
Authorization	Yes	Bearer token (the JWT access token from step 2)
X-Jaxon-Active-Group	Yes	One of the groups from the access token's groups claim. Determines which group context is active for the request.

Token Refresh

Access tokens expire after 1 hour. Repeat the Client Credentials Grant request with the API key to obtain a new token.