
Authentication

Discover how to authenticate Directus Connect requests using authorization headers, session cookies, or query parameters.

While the Public role can be configured to make data available without authentication, anything that is not public requires a user to authenticate their requests.

Each user can have a single Static Token that does not expire (though it can be regenerated). Standard and Session Tokens are returned after a user logs in, are short-lived, and need refreshing.

Requests can be authenticated in the following ways:

- Authorization header: add the following header: Authorization: Bearer <token>.
- Session cookie: you do not need to set anything. The directus_session_token is used automatically.
- Query parameter: append the following query parameter: ?access_token=<token>.

Exercise caution when using query parameters for authentication
Using a query parameter for authentication can lead to it being revealed or logged. If possible, use another method.
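The caution above can be enforced in client and logging code. The following is an added example, not part of the Directus documentation or code base: it moves an `access_token` query parameter into an `Authorization: Bearer` header before a request is sent, and redacts or flags tokens that already reached an access log. The function names, host name, token value and log lines are constructed for illustration.

```javascript
// Added example: keep tokens out of URLs and out of logs.
// Host, paths and token values below are constructed, not real.

// Move ?access_token=<token> into an Authorization header and return
// { url, headers } suitable for fetch(url, { headers }).
function toHeaderAuth(rawUrl, headers = {}) {
  const url = new URL(rawUrl);
  const token = url.searchParams.get("access_token");
  if (token === null) return { url: url.toString(), headers: { ...headers } };
  url.searchParams.delete("access_token");
  return {
    url: url.toString(),
    headers: { ...headers, Authorization: `Bearer ${token}` },
  };
}

// Redact access_token values in a log line (full URLs or bare paths).
function redactAccessToken(line) {
  return line.replace(/([?&]access_token=)[^&\s"#]*/gi, "$1[REDACTED]");
}

// Return the log lines in which a token appeared in the query string,
// so the affected tokens can be identified and regenerated.
function findExposedLines(lines) {
  return lines.filter((l) => /[?&]access_token=[^&\s"#]+/i.test(l));
}

// Constructed sample access-log lines.
const sampleLog = [
  '203.0.113.7 - - [01/Jan/2025:10:00:00 +0000] "GET /items/articles?access_token=EXAMPLE_TOKEN_1&limit=5 HTTP/1.1" 200 512',
  '203.0.113.7 - - [01/Jan/2025:10:00:01 +0000] "GET /items/articles?limit=5 HTTP/1.1" 200 512',
];

const req = toHeaderAuth(
  "https://directus.example.com/items/articles?limit=5&access_token=EXAMPLE_TOKEN_1"
);
console.log(req.url, Object.keys(req.headers));
console.log(sampleLog.map(redactAccessToken).join("\n"));
console.log(findExposedLines(sampleLog).length, "line(s) exposed a token");
```

Redaction only cleans the stored copy of a log; a token that was already written to a URL should be treated as exposed.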


Learn more about using authentication tokens and cookies.