GNSS Data Centre

Authentication

Most data in the repository is open to the public and can be browsed and downloaded anonymously. Use cases that do require authorisation are the following:

  • Real-time access to data and product streams

  • Data submission (file and real-time)

  • Access to restricted data

Data in the repository can have restricted access either because it has been submitted to Geoscience Australia in confidence or because it does not meet the required quality assurance criteria.

Applying for Username and Password

To apply for a username and password complete the registration form. After registering, please contact our team to organise the appropriate permissions for your use-case.

Authenticating with the SFTP Server

Your username and password are sufficient for read-only access to sftp.data.gnss.ga.gov.au. Please contact our team to gain permission for data submission or access to restricted folders.

Authenticating with AUSCORS NTRIP Caster

Authenticate to gain access to real-time data and product streams. See AUSCORS NTRIP Broadcaster for info.

$ curl https://ntrip.data.gnss.ga.gov.au/SSRA00GAA0 \
    -H "Ntrip-Version: NTRIP/2.0" \
    -is --output - \
    --user $USERNAME:$PASSWORD (1)

HTTP/1.1 200 OK
Connection: close
Content-Type: gnss/data
Date: Tue, 13 Dec 2022 06:23:46 GMT
Transfer-Encoding: chunked
...
1 Your username and password

Authenticating with the Web API

All Web API endpoints accept an API ID token in the Authorization HTTP request header. An ID token is a short-lived identifier that serves as proof of identify as well as authority. They are issued by our authentication system and are valid for one hour.

Query API endpoints, which only read from the repository, will work fine without authentication, but may return smaller result sets. All submission API endpoints require authentication.

  1. Exchange your user credentials for an ID token.

    Using curl

    $ curl -s https://cognito-idp.ap-southeast-2.amazonaws.com \
    -H "Content-Type: application/x-amz-json-1.1" \
    -H "X-Amz-Target: AWSCognitoIdentityProviderService.InitiateAuth" \
    -d @- << EOF
{
    "AuthFlow": "USER_PASSWORD_AUTH",
    "AuthParameters": {
        "USERNAME": "$USERNAME", (1)
        "PASSWORD": "$PASSWORD"  (2)
    },
    "ClientId": "h6nn4dkkjg622e9dqi5avg101" (3)
}
EOF

    Or using awscli

    $ aws cognito-idp initiate-auth \
    --auth-flow USER_PASSWORD_AUTH \
    --auth-parameters USERNAME=$USERNAME,PASSWORD=$PASSWORD \ (1) (2)
    --client-id h6nn4dkkjg622e9dqi5avg101 \ (3)
    --region ap-southeast-2

    Either way the response is the following:

    {
  "AuthenticationResult": {
    "AccessToken": "eyJraWQiOiJlaURX...",
    "ExpiresIn": 3600, (4)
    "IdToken": "eyJraWQiOiJ6M2hv...", (5)
    "RefreshToken": "eyJjdHkiOiJKV1Qi...",
    "TokenType": "Bearer"
  },
  "ChallengeParameters": {}
}
    1 Your username
    2 Your password
    3 Cognito client ID, same for all users
    4 Token expires in 3600 seconds.
    5 JWT ID token

  2. Make an authenticated API request.

    To make an authenticated API request against the repository web API, include the ID token in the HTTP request header field Authorization.

$ curl https://data.gnss.ga.gov.au/api/submit \
    -H "Authorization: Bearer eyJjdHkiOiJKV1Qi..." \ (5)
    -d @ALIC00AUS_R_20210020000_01D_30S_MO.crx.gz

Authenticating with AWS S3

To gain access to private S3 buckets, or restricted paths in public buckets, contact our team to describe your use case and to provide a list of canonical IAM user IDs that require access.

arn:aws:iam::<account-id>:user/<user-name>