[EN] API Overview | Dadosfera Documentation

Understand what the Dadosfera API is, which domains it covers, and how the updated authentication flow works

Dadosfera API Overview

The Dadosfera API is the platform's programmatic layer. It allows external systems to integrate with Dadosfera and lets applications automate operations involving pipelines, connections, files, tables, datasets, catalog assets, customers, and access credentials.

In practice, it supports both interactive user-driven workflows and system-to-system integrations, enabling secure and controlled access to platform capabilities.

What the API Covers

The current API documentation includes resources for:

  • authentication and token refresh
  • pipeline creation, execution, monitoring, and maintenance
  • connection management and OAuth-based integrations
  • file, table, and dataset operations in storage
  • catalog search and data asset maintenance
  • customer-related operations and platform administration
  • API key creation and lifecycle management
  • service health and availability checks

Updated Authentication Flow

The authentication model is designed to support both human users and automated integrations.

User Authentication

The primary sign-in flow uses username and password. If multi-factor authentication is enabled, the totp code must also be provided.

After a successful sign-in, the response includes:

  • accessToken: the token used to authenticate API requests
  • refreshToken: the token used to obtain a new accessToken
  • customer: environment details such as id, name, and available modules
  • user: information about the authenticated user

Based on the durations currently documented in Maestro:

  • accessToken: expires in 30 minutes
  • refreshToken: expires in 24 hours

Token Refresh

When the accessToken expires, clients can call the refresh route using the current refreshToken and the customerName returned during sign-in. This avoids repeating the full login flow every time the short-lived token expires.
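The refresh-then-fall-back logic described above, as an added example that is not Dadosfera's own code. `sign_in` and `refresh` are hypothetical callables that wrap the real routes from the API reference and return the parsed JSON response; the example also assumes `customerName` is the `name` field of the `customer` object and that token lifetimes start when the response is received.

```python
import time

ACCESS_TTL = 30 * 60        # accessToken lifetime documented on this page
REFRESH_TTL = 24 * 60 * 60  # refreshToken lifetime documented on this page
SKEW = 60                   # assumption: renew 60 s early to absorb clock drift and latency


class TokenSession:
    """Keeps a valid accessToken, refreshing or re-authenticating as needed.

    sign_in() and refresh(refresh_token, customer_name) are hypothetical
    callables supplied by the caller; they are not part of the Dadosfera API.
    """

    def __init__(self, sign_in, refresh, clock=time.monotonic):
        self._sign_in, self._refresh, self._clock = sign_in, refresh, clock
        self._access = self._refresh_token = self._customer = None
        self._access_exp = self._refresh_exp = 0.0

    def _store(self, body, now):
        self._access = body["accessToken"]
        self._access_exp = now + ACCESS_TTL
        # Assumption: the refresh response may or may not carry a new
        # refreshToken; only restart the 24 h window when one is present.
        if "refreshToken" in body:
            self._refresh_token = body["refreshToken"]
            self._refresh_exp = now + REFRESH_TTL
        if "customer" in body:
            self._customer = body["customer"]["name"]

    def access_token(self):
        now = self._clock()
        if self._access and now < self._access_exp - SKEW:
            return self._access                      # still valid, no network call
        if self._refresh_token and now < self._refresh_exp - SKEW:
            try:
                self._store(self._refresh(self._refresh_token, self._customer), now)
                return self._access
            except Exception:
                pass                                 # rejected or revoked: fall back to sign-in
        self._access = self._refresh_token = None    # drop stale secrets before re-authenticating
        self._store(self._sign_in(), now)
        return self._access

    def __repr__(self):                              # never leak token values into logs
        return f"<TokenSession customer={self._customer!r}>"
```

When multi-factor authentication is enabled, the `sign_in` callable is where the TOTP code has to be obtained, so an unattended service that hits the 24-hour limit is better served by an API key.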

API Keys

For backend integrations and automation scenarios, the platform also supports API keys with explicit permissions. This is the preferred model for server-to-server access where an interactive user session is not appropriate.

API keys:

  • are created with a defined permission set
  • expose the full key value only once during creation
  • should be stored securely
  • can be rotated by creating a new key and removing the previous one

Best Practices

  • Use user authentication when actions are performed in the context of an authenticated user session.
  • Use API keys for automated integrations and internal services.
  • Treat accessToken as a short-lived credential.
  • Store refreshToken and API keys in a secure secret manager.
  • Review granted permissions before promoting an integration to production.

Next Steps

After this overview, use the API reference documentation to explore the specific endpoints for authentication, pipelines, storage, catalog, and other platform domains.