Authentication for backend
Plus - API Authentication for backend
Authentication OAuth process
The global customer-ID [com_id] needs to be a part of the OAuth initiation call together with the [client_id]. Both of these values are retrieved from Papirfly.
[redirectUrl] can be any URL, but it needs to be approved on the Papirfly side.
1) Initiate OAuth authentication:
https://app.papirfly.com/mars/oauth2016.auth?scope=/mars/api_user.details+/o2/api_user.privs&redirect_uri=[redirectUrl]&state=XXXX&response_type=code&client_id=[client_id]&access_type=offline&approval_prompt=auto&p_com_id=[com_id]
2) You are redirected to Papirfly login screen (or SSO login screen)
if you need to avoid SSO, you have to use this URL (with previous OAuth URL encoded in [url] parameter):
https://app.papirfly.com/mars/external.access?p_com_id=[com_id]&p_lae_id=2&p_url=[url]
3) After successful login (or if you are already logged in and have necessary cookies), you are redirected to [redirectUrl] with [code] as parameter
e.g: https://app.papirfly.com/?code=[code] if [redirectUrl] would be equal to https://app.papirfly.com
Retrieve JWT token by calling:
https://api.papirfly.app/jwt/token
x-www-form-urlencoded with content fields:
client_id: [client_id]
client_secret: [client_secret]
code: [code] (from Auth call)
-> Returns JWT token in “access_token” JSON attribute.
Use JWT in Authorization header as a Bearer token to access all endpoints (header “Authorization: Bearer [access_token]”) in APIs and use refresh_token to obtain new access_token on the same endpoint (see bellow).
Endpoint for getting information about current user is available in Admin API.
JWT API
There is Swagger documentation available for this service:
https://api.papirfly.app/jwt/swagger-ui/index.html
Swagger URL for SSO login (replace [com_id] with your company ID):
https://api.papirfly.app/login?state=%2Fjwt%2Fswagger-ui%2Findex.html&p_com_id=[com_id]
Swagger URL for non-SSO login (replace [com_id] with your company ID twice): api.papirfly.app/mars/external.access?p_url=%2Flogin%3Fstate%3D%252Fjwt%252Fswagger-ui%252Findex.html%26p_com_id%3D[com_id]&p_com_id=[com_id]
JWT service is used to retrieve and renew JWT tokens which must be used as Bearer token in all requests towards our backend services.
Examples:
For these examples lets assume that you have called the OAuth login and received code=A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1 as parameter on the redirected url address
Retrieving JWT
Request
curl -X POST "https://api.papirfly.app/jwt/token" -H "accept: */*" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=<ClientId>&client_secret=<clientSecret>&code=A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1A1&lae_id=2"
Response
{
"access_token": "<JWT TOKEN>",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "<REFRESH TOKEN>",
"id_token": "<ID TOKEN>"
}
Refreshing JWT
Request
curl -X POST "https://api.papirfly.app/jwt/token" -H "accept: */*" -H "Content-Type: application/x-www-form-urlencoded" -d "client_id=<CLIENT_ID>&client_secret=<CLIENT_SECRET>&lae_id=2&refresh_token=<REFRESH_TOKEN>"
Response
{
"access_token": "<JWT TOKEN>",
"token_type": "Bearer",
"expires_in": 3600,
"refresh_token": "<REFRESH TOKEN>",
"id_token": "<ID TOKEN>"
}
Comments
0 comments
Please sign in to leave a comment.