
Change log:

Date: 19 November 2018
Author: Emil Ion Ifrim
Version: 1.0
Changes: Doc. created
Completed: Yes
Ext.:
Int.: x
Is in Core: N/A
Jira Ref.:



The purpose of this section is to describe how to authenticate when making API calls using the Rator REST API and how to configure brand access.

 

OAuth 2

For obtaining access/bearer tokens, we support the following RFC 6749 grant flows, plus a custom password flow for authentication of Operators:

1. Resource Owner Password Credentials Grant

Useful if you have the end user's password but you want to use a more secure end user access token instead.

...

2. Operator Password Credentials Grant

Useful if you have the end user's password but you want to use a more secure end user access token instead.

...

3. Client Credentials Grant

Somewhat like our existing "2-LO" flow for OAuth 1. Obtain an access token that represents not an end user, but the owner of the client/consumer:

...

Making requests

Once you have an access token, use it in a request as a request header: Authorization: Bearer {access_token}

Refresh tokens

The access tokens expire after an interval that is configured in the OAUTH_CLIENT_DETAILS table. When this happens you'll get 401 responses.

$ curl -X POST -u myclientid:myclientsecret http://host:port/appcontext/oauth/token -H "Accept: application/json" -d "grant_type=refresh_token&refresh_token={refresh_token}&brandKey={myBrandKey}"

Scopes

...

Overview

This article applies to rator-rest-api-3.x and rator-rest-api-auth-1.x. With those versions, the brand_key parameter is mandatory.

Token Endpoint (Authentication)

In order to obtain an access token, every request has to contain the brand_key parameter. This parameter is of type QUERY.

Example:

curl -v -X POST -u myclientid:myclientsecret 'http://host:port/appcontext/oauth/token?username=#myusername&password=#mypassword&grant_type=password&brand_key={mybrandkey}'

REST API Endpoint (Resources)

Every request for any resource has to contain the X-RATOR-brand-key parameter. This parameter is of type HEADER.

Example:

$ curl -X GET 'http://host:port/appcontext/api/billing-groups/201506171857210002/balance' \
  -H 'Accept-Language: it' \
  -H 'Authorization: Bearer 2acda61f-cf4f-42be-8561-563b5db7840f' \
  -H 'X-RATOR-brand-key: BRAND1'
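
The token, resource and refresh requests described on this page combined into one client that refreshes once on a 401, as an added example that is not part of the original page or of the Rator code base. RatorClient, the injected send transport and fake_server are hypothetical names. It assumes the standard RFC 6749 access_token and refresh_token response fields, that credentials are accepted in the form body (as in the page's refresh example) so they stay out of logged URLs, and that brand_key is passed as a query parameter on the refresh request as well.

```python
import base64
import json
from urllib.parse import urlencode

class RatorClient:
    """Added sketch; send(method, url, headers, body) is an injected transport (hypothetical)."""
    def __init__(self, base_url, client_id, client_secret, brand_key, send):
        self.base, self.brand_key, self.send = base_url, brand_key, send
        self.basic = "Basic " + base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
        self.access = self.refresh = None

    def _token(self, form):
        # brand_key is a QUERY parameter (per the page); credentials go in the body (assumption).
        url = f"{self.base}/oauth/token?" + urlencode({"brand_key": self.brand_key})
        status, body = self.send("POST", url, {"Authorization": self.basic}, urlencode(form))
        if status != 200:
            raise PermissionError(f"token request failed: HTTP {status}")
        tokens = json.loads(body)
        self.access = tokens["access_token"]
        self.refresh = tokens.get("refresh_token", self.refresh)

    def login(self, username, password):
        self._token({"grant_type": "password", "username": username, "password": password})

    def get(self, path):
        for attempt in range(2):  # retry once after a refresh, then give up
            headers = {"Authorization": f"Bearer {self.access}", "X-RATOR-brand-key": self.brand_key}
            status, body = self.send("GET", self.base + path, headers, None)
            if status != 401 or attempt == 1 or not self.refresh:
                return status, body
            self._token({"grant_type": "refresh_token", "refresh_token": self.refresh})

def fake_server(log):
    """Constructed stand-in for the API: the password-grant token is already expired."""
    def send(method, url, headers, body):
        log.append(f"{method} {url}")
        if "/oauth/token" in url:
            token = "fresh" if "grant_type=refresh_token" in body else "expired"
            return 200, json.dumps({"access_token": token, "refresh_token": "ref-1"})
        ok = headers["Authorization"] == "Bearer fresh" and "X-RATOR-brand-key" in headers
        return (200, '{"balance": 0}') if ok else (401, "")
    return send

def demo():
    log = []
    api = RatorClient("http://host:port/appcontext", "myclientid", "myclientsecret",
                      "BRAND1", fake_server(log))
    api.login("myusername", "mypassword")
    return api.get("/api/billing-groups/201506171857210002/balance")[0], log
```

demo() returns the final HTTP status and the ordered list of requests the constructed server saw; none of the logged URLs contains the password.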