Authentication calls
Web API has been updated to use standard OAuth 2.0 for verification and authorization.
Log on and Log off requests are no longer supported. Authorization requests are now made to an authentication service under a Resource Owner Password Credentials Grant, which is one of four grant types defined by OAuth 2.0.
Call | Group | HTTP type | Client ID | grant_type | Userid | password | access_token | refresh_token |
---|---|---|---|---|---|---|---|---|
Token | oauth2 | Post | ● | ● | ● | ● | | |
Token | oauth2 | Post | ● | ● | | | | ● |
Revoke | oauth2 | Post | ● | | | | ● | |
Client ID
All OAuth 2.0 requests must have an HTTP header labeled "Authorization: Basic" with an encoded ClientID value that matches the Client ID provided in Advanced Inventory Platform Manager Admin > Configuration > Security Settings on the Web API Agent tab.
This replaces the previously used access key and provides a shared secret between Advanced Inventory Platform Manager and the client. It controls client access to the Advanced Inventory system. If you suspect that the Client ID has been compromised, change it in Platform Manager. Changing it terminates the connection for any client using the previous Client ID; the new Client ID can then be shared with authorized clients so they can reconnect.
Token request using Credentials
An access_token request using the Resource Owner Password Credentials Grant requires the following HTTP headers.
- Authorization: Set this to Basic and use the encoded ClientID.
- grant_type: Set this to password.
- Username: Use the Advanced Inventory Login ID.
- Password: Use the Advanced Inventory user password.
Example of a successful post and response
```http
POST https://localhost:8130/oauth2/token
grant_type: password
Authorization: Basic RFNJOg==
username: testUser
password: testPass
Content-Type: application/x-www-form-urlencoded

HTTP/1.1 200 OK
Content-Length: 118
Content-Type: application/json; charset=utf-8

{"access_token":"gZUvJAMfyMDP0eJfF9H/vvnZ1APOuy7RiWLh3RQbUyE=","refresh_token":"063fe8a7-8472-4f64-b42d-55da55fc4df2"}
```
Token request using Refresh Token
An access_token request using a refresh_token requires the following HTTP headers.
- Authorization: Set this to Basic and use the encoded ClientID.
- grant_type: Set this to refresh_token.
- refresh_token: Use the Advanced Inventory LoginID.
Example of a successful post and response
```http
POST https://localhost:8130/oauth2/token
refresh_token: 063fe8a7-8472-4f64-b42d-55da55fc4df2
grant_type: refresh_token
Authorization: Basic RFNJOg==
Content-Type: application/x-www-form-urlencoded

HTTP/1.1 200 OK
Content-Length: 118
Content-Type: application/json; charset=utf-8

{"access_token":"tA0OH3KCCQBYIdoT9H5SoxPyJCkKtb5kaPsUAKLq/p0=","refresh_token":"8737c33c-fc3f-438b-9625-900f1635bb06"}
```
Revoke request
Invalidating an access_token using a revoke request requires the following HTTP headers.
- Authorization: Set this to Basic and use the encoded ClientID.
- access_token: Set this to the access_token to be revoked.
Example of a successful post and response
```http
POST https://localhost:8130/oauth2/revoke
access_token: tA0OH3KCCQBYTdoT9H5SoxPyJckKtb5kaPsUAKLq/po=
Authorization: Basic RFNJOg==
Content-Type: application/x-www-form-urlencoded

HTTP/1.1 200 OK
Content-Length: 0
```
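The three calls above as one client-side sketch. This is an added example, not code from the product or its documentation: it builds the token, refresh and revoke requests with the header fields this page lists, replaces the stored token pair after each response, and masks secret fields before anything is logged. The names `build`, `redact`, `send` and `Session` are hypothetical, and the code assumes "encoded ClientID" means Base64 of the Client ID followed by a colon, which is what the sample value `RFNJOg==` decodes to.

```python
import base64
import json
import urllib.request

BASE = "https://localhost:8130/oauth2"  # host and port taken from the page's examples
SECRET = {"authorization", "password", "access_token", "refresh_token"}


def basic_client_header(client_id):
    # Assumption: "encoded" means Base64 of "<ClientID>:" (empty password part).
    return "Basic " + base64.b64encode(f"{client_id}:".encode()).decode("ascii")


def build(client_id, call, **fields):
    """Return (url, headers) for call 'token' or 'revoke'; fields go in as headers."""
    headers = {"Authorization": basic_client_header(client_id),
               "Content-Type": "application/x-www-form-urlencoded"}
    headers.update(fields)
    return f"{BASE}/{call}", headers


def redact(headers):
    """Copy of the headers that is safe to write to a log."""
    return {k: "<redacted>" if k.lower() in SECRET else v for k, v in headers.items()}


def send(url, headers):
    """POST with an empty body; certificate checks stay at urllib's defaults (on)."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


class Session:
    """Holds the current token pair; each stored response replaces both values."""

    def __init__(self, client_id):
        self.client_id, self.access_token, self.refresh_token = client_id, None, None

    def store(self, body):
        data = json.loads(body)
        self.access_token, self.refresh_token = data["access_token"], data["refresh_token"]

    def login_request(self, username, password):
        return build(self.client_id, "token", grant_type="password",
                     username=username, password=password)

    def refresh_request(self):
        return build(self.client_id, "token", grant_type="refresh_token",
                     refresh_token=self.refresh_token)

    def revoke_request(self):
        return build(self.client_id, "revoke", access_token=self.access_token)
```

Pass the result of a `*_request()` method to `send()` and the response body to `store()`; log only `redact(headers)`, never the raw header dictionary.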