About Authentication to DCH

PreviousChange your password NextOrganisations

Last updated 1 year ago

About Authentication to DCH

You can securely access your account's resources by authenticating to DCH, using different credentials depending on where you authenticate.

About authentication to DCH

To keep your account secure, you must authenticate before you can access certain resources on DCH. When you authenticate to DCH, you supply or confirm credentials that are unique to you to prove that you are exactly who you declare to be.

You can access your resources in DCH in a variety of ways either in the browser, or with the API. Each way of accessing DCH supports different modes of authentication.

Username and Password
Access Token
API Key

Authenticating in your browser

To access the web interface through the browser you will authenticate using your dataclearinghouse.org username and password. Your username will be the email address that was used when you were invited into DCH. You will set your password on first signup to the platform, and can reset it via the login page.

We recommend that you use a password manager to generate a random and unique password.

Authenticating with the API

To use the REST API endpoints you need to use an Access Token or an API Key. With the exception below, basic authorisation (username / password) cannot be used with the REST API endpoints.

Obtaining an Access Token

You can use the GET /dch/v1/oauth_token endpoint with basic authorisation (username/password) to obtain an Access Token. This Access Token can then be used with the remaining REST API endpoints to access DCH resources. Access Tokens expire and need to be refreshed. When obtaining an access token you are also provided with the expiry time so you can refresh the token as required.

Generating an API Key

API Keys can either be generated from the web interface once authenticated, or via the REST API endpoints, using an Access Token with the POST /dch/v1/me/keys endpoint. Valid API Keys can be used with all REST API endpoints in the same way as Access Tokens can be.

Notes:

API Keys can optionally be generated with an expiry date.
The only time to access the value of an API Key is at creation time - I.e. there is no way to recover the value of an API Key if is is lost.
API Keys can be edited (disabled, re-enabled, and expiry date changed) through the Web Interface or the REST API endpoints.