...
Object | Example |
---|---|
Token | cd2b2895-85d0-49c5-bd75-804f162da942 |
BaseURL | |
Resource | /nbia-api/services/v2 |
Endpoint | getModalityValues |
Query Parameters | Collection=TCGA-BRCA |
See See Image Download APIs and Image Metadata APIs for more information about each NBIA Search with Authentication REST API.
...
Access to any NBIA Search with Authentication API requires a token that you must request.
...
This token can then be used on subsequent requests to authorize access to resources. This token will expire in two hours but you can refresh it.
The NBIA REST API supports secure access to private data in the Client Credentials authorization flow with Spring Security and OAuth2. The Client Credentials authorization flow is also known as "signed fetch" or 2-legged OAuth. The following figure illustrates the typical use case for REST API calls made on the web using 2-legged OAuth. For more information regarding the specific workflow, consult the OAuth2 Specification.
Note |
---|
The credentials you pass differ based on whether the collections include public or restricted data. You must contact the TCIA Help Desk for permission to access private collections and receive the client_id and client_secret values required for RESTful access to those collections. |
+---------+ +---------------+ | | | | | |>--(A)- Client Authentication --->| Authorization | | Client | | Server | | |<--(B)---- Access Token ---------<| | | | | | +---------+ +---------------+
Figure 1: Client Credentials Flow
This flow includes the following steps:
- The client authenticates with the authorization server and requests an access token from the token endpoint.
- The authorization server authenticates the client, and if valid, issues an access token.
This token can then be used on subsequent requests to authorize access to resources. The REST API server also supports token expiration and extension by refresh. The time it takes tokens to expire is currently two hours but is configurable.
To access TCIA using an NBIA Search with Authentication REST API, you must do the following:
Requesting a Token to Use with Restricted Data
Access to any NBIA Search with Authentication REST API requires an access token.
A request for an access token takes the following structure. Note that USERNAME should be your TCIA username and PASSWORD should be your TCIA password.
Requesting a Token
Access to any NBIA Advanced REST API requires an access token. A request for an access token takes the following structure. Note that USERNAME should be your TCIA username and PASSWORD should be your TCIA password.
Code Block | ||
---|---|---|
| ||
curl -X -v -d "username=USERNAME&password=PASSWORD& | ||
Code Block | ||
| ||
curl -X -v -d "username=USERNAME&password=PASSWORD&client_id=NBIA&grant_type=password" -X POST -k https://services.cancerimagingarchive.net/nbia-api/oauth/token |
Request a token by interacting with the application in the following way.
- The application requests credentials. The credentials you pass are different depending on if you want to access public or restricted data (see above).
The application sends a request to the service using the credentials you provided as a query string for the body.
- grant_type=password
- username=your TCIA username
- password=your TCIA password
The service responds with access token details and expiration information.
- access_token
- expires_in
- refresh_expires_in
- refresh_token
- not-before-policy
- session_state
The application makes a request for resources using the returned access token. All APIs listed for accessing public data also support secure access to restricted data with an additional parameter for the access token.
Requesting a Token to Use with Public Data
If you don't have a TCIA account and want to test an API on this page, you can access public data using the NBIA guest account with no password, as follows.
Code Block | ||
---|---|---|
| ||
curl -d "username=nbia_guest&password=&client_id=NBIA&grant_type=password" -X POST -k https://services.cancerimagingarchive.net/nbia-api/oauth/token |
How a Token is Returned/Granted/Given
A successful token request returns a standard access token in JSON format. The value after "access_token" will likely be longer than this example.
Code Block | ||
---|---|---|
| ||
{"access_token":"f7889076-b3e4-4768-9419-3cd973adda76","token_type":"bearer","refresh_token":"671bb72b-f929-4ef5-a4d7-b52341a6007a","expires_in":7199} |
...
If you don't have a TCIA account, you can access public data using the "nbia_guest" account with no password, as follows.
Code Block | ||
---|---|---|
| ||
curl -X -v -d "username=nbia_guest&password=&client_id=NBIA&grant_type=password" -X POST -k https://services.cancerimagingarchive.net/nbia-api/oauth/token |
How a Token is Returned/Granted/Given
A successful token request returns a standard access token in JSON format. The value after "access_token" will be longer than this example.
Code Block | ||
---|---|---|
| ||
{"access_token":"cd2b2895-85d0-49c5-bd75-804f162da942","expires_in":7200,"refresh_expires_in":7200,"refresh_token":"eyJhbGciOiJIUzI1NiIsInR5cCIgO","not-before-policy":0,"session_state":"92a199c6-84ed-48aa-a0d2-059bbb99bc90","scope":"openid profile email"} |
Make a note of the access token you received and pass it with the REST service call.
Code Block | ||
---|---|---|
| ||
# Request for modality values and counts curl -H "Authorization:Bearer YOUR_ACCESS_TOKENcd2b2895-85d0-49c5-bd75-804f162da942" -k "https://services.cancerimagingarchive.net/nbia-api/services/v2/getModalityValuesAndCounts?Collection=LIDC-IDRI" |
A successful service request returns the value in a defined format.
Refreshing the Token
The time it takes tokens to expire is configurable but is currently two hours. You can refresh your access token for an additional two hours by passing the refresh token from your original token request.
Code Block | ||
---|---|---|
| ||
# Request for refreshing the token
curl -X -v -d "username=USERNAME&client_id=nbia&grant_type=refresh_token&refresh_token=YOUR_REFRESH_TOKEN" -X POST -k https://nbia.cancerimagingarchive.net/nbia-api/oauth/token |
In the following result, 7200
is the seconds before the token expires.
Code Block | ||
---|---|---|
| ||
{"access_token":"YOUR_ACCESS_TOKEN","expires_in":7200,"refresh_expires_in":7200,"refresh_token":"YOUR_REFRESH_TOKEN","token_type":"Bearer","id_token":"YOUR_ID_TOKEN","not-before-policy":0,"session_state":"531425b6-425d-44f8-bc74-41200d6803c0","scope":"openid profile email"} |
Logging Out
The following is an example request to log out. Logging out invalidates the token you previously requested.
Code Block | ||
---|---|---|
| ||
# Request for logout
curl -X -v -d "Authorization:Bearer YOUR_ACCESS_TOKEN" -k "https://services.cancerimagingarchive.net/nbia-api/logout" |
The request does not return any values.
Accessing the National Lung Screening Trial (NLST) collection
Due to its size, the National Lung Screening Trial (NLST) collection lives on a separate NBIA server. Since this server only holds the public NLST collection, there is no reason to create an API token with your own credentials. To access these data via the Advanced REST API, you must change the URL to obtain the authentication token from https://
...
nlst.cancerimagingarchive.net/nbia-api/oauth/token
...
. You can then use https://nlst.cancerimagingarchive.net/nbia-api/services/ to make REST API calls. In both cases, the beginning of the URL is changed from "services" to "nlst." Examples of requesting a token and performing an API query are shown below:
Code Block | ||
---|---|---|
| ||
curl -X -v -d "username=nbia_guest&password=&client_id=NBIA&grant_type=password" -X POST -k https://nlst.cancerimagingarchive.net/nbia-api/oauth/token |
Code Block | ||
---|---|---|
| ||
curl -H |
In the following result, 7200
is the seconds before the token expires.
Code Block | ||
---|---|---|
| ||
{"access_token":"YOUR_ACCESS_TOKEN","expires_in":7200,"refresh_expires_in":7200,"refresh_token":"YOUR_REFRESH_TOKEN","token_type":"Bearer","id_token":"YOUR_ID_TOKEN","not-before-policy":0,"session_state":"531425b6-425d-44f8-bc74-41200d6803c0","scope":"openid profile email"} |
Logging Out
The following is an example request to log out.
Code Block | ||
---|---|---|
| ||
# Request for logout curl -X -v -d "Authorization:Bearer YOUR_ACCESS_TOKEN" -k "https://servicesnlst.cancerimagingarchive.net/nbia-api/logout" |
...
services/getBodyPartValuesAndCounts?Modality=PT" |
Excerpt Include | ||||||
---|---|---|---|---|---|---|
|
...