> For the complete documentation index, see [llms.txt](https://docs.lowcoder.cloud/lowcoder-api-specification/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.lowcoder.cloud/lowcoder-api-specification/authentication.md). # Authentication Lowcoder comes with a feature-rich API, so you can use it in Lowcoder Apps or extend Lowcoder with new Functionality. On [api-service.lowcoder.cloud](https://api-service.lowcoder.cloud/api/docs/webjars/swagger-ui/index.html#/) you can access this API as well, just some endpoints are not available. ## Authentication ### Session Cookie In application properties of the API-Service - or as ENV Variable in Docker setups, you can set a name for the Cookie. In our Examples`LOWCODER_CE_SELFHOST_TOKEN` With this value, you can then authenticate API Calls. If no user is logged In, API Calls will get executed in the name of "Anonymous User" and for most of the API Calls, this user has no desired rights. If you are logged in, the Cookie of the currently logged-in user will be used to make API Calls in the name of the current user. This means, that Access Rights to different Functions are automatically applied by the Role of the User. (Admin, Member, Visitor) If you want to use the API from outside of Lowcoder, you need to authenticate first and use the Cookie as the `LOWCODER_CE_SELFHOST_TOKEN` API key in every API Call. ```bash // Login a User on Lowcoder by eMail curl --location '//api/auth/form/login' \ --header 'Content-Type: application/json' \ --header 'Accept: */*' \ --data '{ "loginId": "", "password": "", "register": "false", "source": "EMAIL", "authId": "EMAIL" }' ``` When successfully logged in, you will get the following Response: ```json // Login Method Response { "code": 1, "message": "", "data": true, "success": true } ``` In particular, you will get back the Cookie to authorize the next API Calls. ``` // Cookie in Response LOWCODER_CE_SELFHOST_TOKEN=; Path=/; Max-Age=2592000; Expires=Tue, 25 Jul 2023 13:51:31 GMT; HttpOnly; SameSite=Lax ``` For all the next API Calls you need to set the Cookie ``` // API Requests authorized curl --location 'http://localhost:3000//api/users/currentUser' \ --header 'Accept: */*' \ --header 'Cookie: LOWCODER_CE_SELFHOST_TOKEN=' ``` ### API Key Since Lowcoder v2.1.3 you can create and use alternatively also a JWT-based API Key. As a logged-in user, you can use the API based on the Cookie to generate an API Key. ```bash // use the Lowcoder API to generate the JWT based API Key curl --location '/api/auth/api-key' \ --header 'cookie: LOWCODER_CE_SELFHOST_TOKEN=;' \ --header 'Content-Type: application/json' \ --data '{ "name":"", "description": "A wonderful API Key" }' ``` In return, you will get a JSON response containing the API key ```json { "code": 1, "message": "", "data": { "id": "" }, "success": true } ``` For all further API Calls, you can then use the API Key, which impersonates the logged-in user, that created the API Key. {% hint style="warning" %} As the API Key impersonates the user, who created the API Key (based on the Cookie), all rights of that impersonated User are also active via API Key. {% endhint %} --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.lowcoder.cloud/lowcoder-api-specification/authentication.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.