Log in with HAT

The HAT is an API-only service: it does not enforce a specific application or user interface for exposing data to the user. Instead, authentication happens through the HAT APIs and a JSON Web Token (JWT). Each HAT runs as a separate server and has a publicly reachable address (such as https://test.hubofallthings.net), so all calls in this documentation are executed against an individual HAT. The same login mechanism is used across all applications in the ecosystem, including:

While no specific user interface is enforced, the HATDeX platform mandates a standard interface for interactions with the HAT across all applications. This builds familiarity and assures HAT owners that their interactions on the platform and with their own HAT are consistent across all applications.

HAT differentiates services into two kinds, approved and generic:

  • approved services have been configured with a HAT and may have special permissions, such as accessing HAT data (such as the HAT app) or entering new data (Data Plugs)
  • generic services only need to validate that the individual owns a specific HAT.

The steps in logging in with a HAT are:

  1. You send the user to the /hatlogin endpoint on their HAT, such as https://test.hubofallthings.net
  2. The HAT owner enters their login details in the login screen and verifies the service they are logging into
  3. The user is redirected back to the address you have provided, with an authentication token in a query parameter. You validate the token against the HAT's public key, which confirms that the user owns the specific HAT, and log them in
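
The validation in step 3, sketched for a Node.js service. This is an added example, not code from the HAT project. It assumes the query parameter is named `token`, that the JWT is signed with RS256, and that its `iss` claim carries the HAT's address. The callback URL, key pair and token are constructed for the demonstration.

```javascript
// Added example; names marked "assumed" do not come from the HAT documentation.
const crypto = require('node:crypto');

const decodePart = (s) => JSON.parse(Buffer.from(s, 'base64url').toString('utf8'));

// Step 3: take the token from the redirect URL and validate it against the HAT's public key.
// hatAddress is the HAT the user was sent to in step 1, e.g. "test.hubofallthings.net".
// publicKeyPem is that HAT's public key (PEM), obtained separately by the caller.
function validateHatRedirect(redirectUrl, hatAddress, publicKeyPem, nowMs = Date.now()) {
  const token = new URL(redirectUrl).searchParams.get('token'); // assumed parameter name
  if (!token) throw new Error('no token in redirect');
  const parts = token.split('.');
  if (parts.length !== 3) throw new Error('malformed token');
  const [head, body, sig] = parts;
  // Pin the algorithm so the token cannot select "none" or an HMAC variant.
  if (decodePart(head).alg !== 'RS256') throw new Error('unexpected alg');
  const signed = Buffer.from(`${head}.${body}`);
  if (!crypto.verify('sha256', signed, publicKeyPem, Buffer.from(sig, 'base64url'))) {
    throw new Error('bad signature');
  }
  // Claims are read only after the signature has been verified.
  const claims = decodePart(body);
  // Assumed: "iss" carries the address of the issuing HAT, "exp" is in seconds.
  if (claims.iss !== hatAddress) throw new Error('issued by a different HAT');
  if (typeof claims.exp !== 'number' || claims.exp * 1000 <= nowMs) {
    throw new Error('token expired');
  }
  return claims;
}

// Constructed fixture standing in for a HAT: throwaway key pair plus a token minter.
const demoKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const DEMO_PUBLIC_PEM = demoKeys.publicKey.export({ type: 'spki', format: 'pem' });
function mintDemoToken(claims, header = { alg: 'RS256', typ: 'JWT' }, key = demoKeys.privateKey) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString('base64url');
  const input = `${enc(header)}.${enc(claims)}`;
  const sig = crypto.sign('sha256', Buffer.from(input), key).toString('base64url');
  return `${input}.${sig}`;
}

// Constructed redirect, as the service would receive it after the owner logs in.
const demoClaims = { iss: 'test.hubofallthings.net', exp: Math.floor(Date.now() / 1000) + 300 };
const demoUrl = `https://service.example/callback?token=${mintDemoToken(demoClaims)}`;
console.log(validateHatRedirect(demoUrl, 'test.hubofallthings.net', DEMO_PUBLIC_PEM).iss);
```

The issuer check is what ties the token to the HAT the user claimed to own: a valid signature from some other HAT's key must not log the user in as the owner of this one.
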
© 2017 - 2019 HAT Data Exchange Ltd.