Canonical Identity Provider Documentation
Release. Canonical Ltd., December 14, 2018
Contents

1 API
  General considerations
  Rate limiting
  Standard response codes
  Standard response format
  Standard errors
  New format Errors
2 Resources
  Account
  Email
  Token
  OAuth token
  Password reset token
  Macaroon
  Requests
3 Registration
  Examples
4 Login
  Examples
5 Password reset
  Examples
HTTP Routing Table
CHAPTER 1: API

General considerations

  SSL only
  JSON
  UTF-8

Rate limiting

All API requests are rate limited. Upon reaching this limit, an HTTP response with status code 429 is returned. The body of such responses will be like:

  {
    "code": "TOO_MANY_REQUESTS",
    "message": "Too many requests. Please try again later.",
    "extra": {
      "Retry-After": 53
    }
  }

Standard response codes

Success:
  200 OK
  201 Created

Errors:
  400 Bad Request
  401 Unauthorized
  403 Forbidden
  404 Not Found
  405 Method Not Allowed
  406 Not Acceptable
  409 Conflict
  415 Unsupported Media Type

Standard response format

Success:

  HTTP/1.1 200 OK

  {
    "href": "/api/v2/accounts/openid123",
    "openid": "openid123",
    "email": "foo@example.com",
    "displayname": "Foo Bar Baz",
    "status": "NEW",
    "verified": true,
    "emails": [
      {"href": "/api/v2/emails/foo%40example.com"}
    ]
  }

Error:

  HTTP/1.1 400 BAD REQUEST

  {
    "code": "INVALID_DATA",
    "message": "Invalid request data.",
    "extra": {
      "displayname": "Field required"
    }
  }

Standard errors

The following generic error codes are currently defined:

  INVALID_DATA: Input data failed to validate. Error status code 400. The extra field includes the names of the fields that failed to validate, and a reason why they failed.

See the relevant documentation for errors specific to each API.

New format Errors

The Snap Packages API uses conventional HTTP response codes to indicate success or failure of an API request.
In general, codes in the 2xx range indicate success, codes in the 4xx range indicate an error that resulted from the provided information (e.g. a required parameter was missing) and codes in the 5xx range indicate an error with our servers.

Here is detailed the format for API responses that end in error. This applies to all the 4xx responses, but also to some 5xx ones (if possible, the client should be prepared to handle 5xx responses with no informational body). Note that this structure format does not apply to 2xx and 3xx responses, as those are not errors.

Important: Not all API endpoints are migrated yet to this new error format.

Format

An error response body will contain the following field:

  error_list: a list of one or several items (never empty), each item described by:
    message: a text in English describing the error that happened, ready to show to the user.
    code: a short (but representative) string indicating concisely the error; it is aimed for clients to take specific actions and react to the problem. See below for the list of existing codes.

Additionally, and for backwards compatibility reasons, some other fields may be present as well, but they are considered deprecated and will be removed in the near future.

No status or success indication is returned inside the response body; the client should react properly to the received HTTP return code according to its well established semantics.

Codes

These are the codes used in the response and their meanings:

  account-not-ready: the account is deactivated, suspended or not validated.
  bad-request: there is a problem in the structure of the request.
  field-required: the field in the request can't be empty or null.
  internal-server-error: some unexpected problem server side; this will be the code in all 5xx cases.
  invalid-credentials: the credentials for the authentication are not valid (e.g. the username or password is not correct).
  invalid-data: the data is incorrect or corrupt.
  permission-required: the macaroon authorization is missing in the received request or not enough for it to be fulfilled.
  resource-not-found: one or more fields are included to specify a resource, but it is not found in the Store.
  resource-not-ready: the request acts on a resource that is not ready yet for that purpose; normally something else would need to be done first on the resource before this request can be repeated.
  twofactor-required: two-factor authentication is required for this request but was not provided.
  user-not-ready: the user is not ready to issue the received request; normally some actions would need to be done in the user account before repeating the request.
Examples

A simple error:

  {
    "error_list": [
      {
        "message": "The field 'expiration' must be an integer",
        "code": "invalid-field"
      }
    ]
  }

A multiple error:

  {
    "error_list": [
      {"message": "The 'foo' field is required", "code": "missing-field"},
      {"message": "The 'bar' field is required", "code": "missing-field"},
      {"message": "The 'baz' field must not be empty", "code": "invalid-field"}
    ]
  }
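A client has to cope with both error shapes described in this chapter at once, because not every endpoint has migrated: the legacy single object with code, message and extra, the new error_list form, and 5xx responses that may carry no JSON at all. The following is an added example, not code from the Canonical documentation or the SSO project. It normalises any of those bodies into one list of errors, extracts the 429 Retry-After hint, and maps the documented codes to the client-side reaction the text calls for. The function names, the wording in the ACTIONS table and the SAMPLE_* responses are constructed for this example; reading Retry-After from a response header is a standard-HTTP assumption, the documentation itself only shows it inside extra.

```python
# Added example, not from the Canonical docs: client-side handling of the two error
# formats described above (legacy {"code","message","extra"} and the new
# {"error_list": [...]}), plus the 429 Retry-After hint. Function names, the ACTIONS
# table wording and the SAMPLE_* responses are constructed here; reading a
# Retry-After *header* is a standard-HTTP assumption, the docs only show it in "extra".
import json

# Codes the docs say a client should react to specifically, legacy and new spellings.
ACTIONS = {
    "TOO_MANY_REQUESTS": "wait Retry-After seconds, then retry",
    "CAPTCHA_REQUIRED": "show extra.image_url; resend with captcha_id and captcha_solution",
    "CAPTCHA_ERROR": "recaptcha unavailable (502); retry later",
    "TWOFACTOR_REQUIRED": "ask for a one-time password; resend with otp",
    "twofactor-required": "ask for a one-time password; resend with otp",
    "INVALID_CREDENTIALS": "wrong email or password; never retry automatically",
    "invalid-credentials": "wrong email or password; never retry automatically",
    "PASSWORD_POLICY_ERROR": "send the user to extra.location to reset the password",
    "permission-required": "a macaroon is missing or too weak; obtain one first",
    "internal-server-error": "server-side failure; retry with backoff",
}


def normalise_errors(status, body):
    """Return a list of {"code", "message", "extra"} dicts for an error response.

    Accepts the body as str/bytes (raw) or an already-decoded dict. A 5xx with
    no usable body, which the docs say clients must tolerate, becomes the
    documented internal-server-error code.
    """
    if status < 400:
        return []
    if isinstance(body, (bytes, str)):
        try:
            body = json.loads(body)
        except ValueError:
            body = None
    if not isinstance(body, dict):
        code = "internal-server-error" if status >= 500 else "bad-request"
        return [{"code": code, "message": "", "extra": {}}]
    errors = body.get("error_list")
    if isinstance(errors, list) and errors:
        return [{"code": e.get("code", ""), "message": e.get("message", ""), "extra": {}}
                for e in errors]
    if "code" in body:
        extra = body.get("extra")
        return [{"code": body["code"], "message": body.get("message", ""),
                 "extra": extra if isinstance(extra, dict) else {}}]
    code = "internal-server-error" if status >= 500 else "bad-request"
    return [{"code": code, "message": "", "extra": {}}]


def retry_after_seconds(status, headers, errors):
    """Delay before retrying a 429: the Retry-After header if present, else the legacy extra field."""
    if status != 429:
        return 0
    if "Retry-After" in headers:
        return int(headers["Retry-After"])
    for err in errors:
        if err["code"] == "TOO_MANY_REQUESTS":
            return int(err["extra"].get("Retry-After", 0))
    return 0


def next_action(errors):
    """The first documented action that applies, else show the messages to the user."""
    for err in errors:
        if err["code"] in ACTIONS:
            return ACTIONS[err["code"]]
    return "show the error message(s) to the user"


def handle(response):
    """response is a constructed (status, headers, raw_body) triple."""
    status, headers, body = response
    errors = normalise_errors(status, body)
    return {"errors": errors,
            "wait": retry_after_seconds(status, headers, errors),
            "action": next_action(errors)}


# Constructed responses modelled on the bodies shown in the docs.
SAMPLE_429 = (429, {}, '{"code": "TOO_MANY_REQUESTS", "message": "Too many requests. '
                       'Please try again later.", "extra": {"Retry-After": 53}}')
SAMPLE_NEW = (400, {}, '{"error_list": [{"message": "The \'foo\' field is required", '
                       '"code": "missing-field"}, {"message": "The \'bar\' field is '
                       'required", "code": "missing-field"}]}')
SAMPLE_5XX = (502, {"Content-Type": "text/html"}, "<html>Bad Gateway</html>")

if __name__ == "__main__":
    for sample in (SAMPLE_429, SAMPLE_NEW, SAMPLE_5XX):
        print(json.dumps(handle(sample), indent=2))
```

The one design point worth noting is that the HTTP status, not the body, drives the decision: a 5xx with an HTML body still yields a well-formed internal-server-error entry, so the caller never has to special-case a missing body, and INVALID_CREDENTIALS is deliberately mapped to "never retry automatically" so a client cannot turn a typo into a credential-guessing loop.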
CHAPTER 2: Resources

Account

Data structure

An Account resource provides the following fields:

  href: Link to the account resource itself.
  openid: Claimed user open id suffix.
  preferred_email: Preferred email address.
  displayname: Display name for the user.
  status: Status of the account. Possible values are:
    Not activated
    Active
    Deactivated (by user)
    Suspended (by admin)
  verified: True if the account is verified (at the moment, it checks if the user has a validated email address).
  emails: List of email addresses associated to the user, each one with an href field linking to the corresponding email resource, and a boolean verified field that indicates if the email has been verified or not. The list will have at the most 10 results, and they will be ordered from last created to oldest.
  tokens: List of oauth tokens associated to the user, each one with an href field linking to the corresponding token resource, and a name field that holds the name given to the token at creation time.
  The list will have at the most 10 results, and they will be ordered from last updated (last used) to less used.

Use cases

Create an account

  POST /api/v2/accounts

Creates a new account.

Form Parameters
  email: user's email address
  password: user's password (min 8 chars)
  displayname: user's name
  creation_source: a string describing source of user creation (optional)
  captcha_id (optional)
  captcha_solution (optional)
  create_captcha (optional, defaults to True)

Status Codes
  201 Created: account created
  401 Unauthorized: captcha required

Errors

The errors are returned as a json-encoded dict with keys:
  code: code name, see below for the list of names (e.g. ALREADY_REGISTERED)
  message: error explanation (e.g. The email address is already registered)
  extra: specific to each error (optional)

INVALID_DATA: The provided data is not valid or incomplete. Error status code 400. The extra attribute in the response will include all the fields that failed validation, like:

  {
    "code": "INVALID_DATA",
    "message": "Invalid request data",
    "extra": {
      "password": ["Field required"],
      "displayname": ["Field required"],
      "email": ["Field required"]
    }
  }

ALREADY_REGISTERED: This email address is already registered. The error uses a 409 code, indicating a conflict. The extra field includes:
  email: the email that was used to register
CAPTCHA_FAILURE: Failed response to captcha challenge. Error status code 403. This error has one field in the extra attribute:
  capture_message: the error message returned by recaptcha.

CAPTCHA_REQUIRED: A captcha challenge is required to complete the request. Error status code 401. If create_captcha is True (the default), this error will include two fields in the extra attribute. If False, extra will be empty.
  image_url: a link to an image containing the captcha challenge to be answered
  captcha_id: the identifier for this specific challenge (which should be sent back along with the user provided response)

The consumer should present the user with the image referred to by the image_url attribute, and collect a response from the user. The consumer should then retry the request, including two extra parameters:
  captcha_id (as provided in the error response)
  captcha_solution: the user provided response to the captcha challenge

CAPTCHA_ERROR: The recaptcha service is down or not working properly. Error status code 502. This error has the following fields:
  recaptcha_reason: text reason for the error
  recaptcha_status_code*: the http code returned by the recaptcha service
  recaptcha_body*: http body returned by the recaptcha service

  * These fields will be empty for non-http network errors (like "connection refused").

Examples

Request:

  POST /api/v2/accounts HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "email": "foo@example.com",
    "password": "thepassword",
    "displayname": "Foo Bar Baz"
  }

If captcha is required:

  POST /api/v2/accounts HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json
  {
    "email": "foo@example.com",
    "password": "thepassword",
    "displayname": "Foo Bar Baz",
    "captcha_id": "some-captcha-id",
    "captcha_solution": "the solution"
  }

Response:

  HTTP/1.1 201 CREATED
  Vary: Accept
  Location: /api/v2/accounts/openid123

  {
    "href": "/api/v2/accounts/openid123",
    "openid": "openid123",
    "preferred_email": "foo@example.com",
    "displayname": "Foo Bar Baz",
    "status": "NEW",
    "verified": false,
    "emails": [
      {"href": "/api/v2/emails/foo%40example.com"}
    ]
  }

If captcha is required:

  HTTP/1.1 401 UNAUTHORIZED
  Vary: Accept

  {
    "code": "CAPTCHA_REQUIRED",
    "message": "Captcha validation required.",
    "extra": {
      "image_url": "<captcha image url>",
      "captcha_id": "some-captcha-id"
    }
  }

Email

An Ubuntu SSO account can have one or more emails linked to it. Email addresses can have a verified or unverified status, depending on whether the owner completed the verification process for each address or not. An account's email can also be the preferred email address, which will be a verified address if there is such, otherwise it will be the email address the user created the account with.
Authentication

This endpoint requires every request to be OAuth signed with a token belonging to the account owning the email that is being operated on. The OAuth token can be obtained following the documentation at the OAuth token resource.

Example of OAuth signing code, assuming an existing account foo@example.com with password password:

  import requests
  from requests_oauthlib import OAuth1

  SSO_ROOT_URL = 'https://login.ubuntu.com/'
  SSO_API_URL = SSO_ROOT_URL + 'api/v2/'

  email = 'foo@example.com'

  # Create (or fetch the existing) OAuth token for this email/password pair.
  data = {'email': email, 'password': 'password', 'token_name': 'Doc test'}
  response = requests.post(
      SSO_API_URL + 'tokens/oauth',
      json=data,
      headers={'accept': 'application/json'})
  credentials = response.json()

  # Sign the email lookup with the consumer and token credentials just issued.
  auth = OAuth1(credentials['consumer_key'], credentials['consumer_secret'],
                credentials['token_key'], credentials['token_secret'])
  response = requests.get(
      SSO_API_URL + 'emails/' + email,
      auth=auth,
      headers={'accept': 'application/json'})
  print(response.json())

Use cases

Obtain email details

  GET /api/v2/emails/<email address>

Obtain details for a given email address.

Form Parameters
  verified: whether the email was verified or not
  date_created: date when the email was linked to the account
  email: address
  href: link to this resource

Status Codes
  200 OK: ok
  401 Unauthorized: OAuth signature is not valid

Errors

INVALID_DATA: Provided email is not correct. Error status code 400.
Examples

Request:

  POST /api/v2/emails/foo%40example.com HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

Response:

  HTTP/1.1 200 OK
  Location: /api/v2/emails/foo%40example.com

  {
    "email": "foo@example.com",
    "verified": true,
    "href": "/api/v2/emails/foo%40example.com",
    "date_created": " T14:16:41"
  }

If the OAuth signature is not correct:

  HTTP/1.1 401 UNAUTHORIZED

  {
    "code": "INVALID_CREDENTIALS",
    "message": "Your email/password isn't correct.",
    "extra": {}
  }

Token

Ubuntu SSO uses tokens of different kinds for different aspects of the service. Currently it knows about the following types of tokens:
  OAuth token
  Password reset token
  Macaroon

OAuth token

An OAuth token represents a token used to sign requests using the OAuth 1.0a spec.

Data structure
  consumer_key
  consumer_secret
  token_key
  token_secret
  token_name
  date_created
  date_updated

Use cases

Create an oauth token

  POST /api/v2/tokens/oauth

Creates a new OAuth token.

Form Parameters
  email: user's email address
  password: user's password
  token_name: a name for the token
  otp: one-time password (optional)

Status Codes
  200 OK: existing token returned
  201 Created: token created
  401 Unauthorized: invalid credentials or otp password required
  403 Forbidden: invalid otp provided
  403 Forbidden: account is suspended or inactive
  403 Forbidden: email invalidated

A consumer requesting an authentication token must provide a token name. This name will be used by the user to identify the token when doing token management. The recommended scheme for token names is application_name-device_name. This allows a user to easily identify which tokens belong to which application or to which device. For example they may wish to revoke all tokens for a particular application across their devices, or revoke all tokens on a particular device.

If a token name is requested that already exists (for this user) then the existing token will be returned (status code 200) instead of a new one being created (status code 201).

If an otp (one-time password) is provided then it will be checked against any two factor devices registered for the account. If the otp does not match any devices then a 403 will be returned. If an otp is required for the account, but not sent, then a 401 will be returned.

Errors

INVALID_CREDENTIALS: Provided email/password is not correct. Error status code 401.
ACCOUNT_SUSPENDED: Account has been suspended. Error status code 403.
ACCOUNT_DEACTIVATED: Account has been deactivated. Error status code 403.
EMAIL_INVALIDATED: This email address has been invalidated. Error status code 403.
TWOFACTOR_REQUIRED: 2-factor authentication required. Error status code 401.
TWOFACTOR_FAILURE: The provided 2-factor key is not recognised. Error status code 403.
PASSWORD_POLICY_ERROR: The user's password doesn't comply with the security constraints in force for the account. It must be reset via the web. Error status code 403. The extra field includes:
  location: the domain to visit via the web to reset the password
  reason: the reason why the password doesn't comply with the policy
TOO_MANY_REQUESTS: Too many requests from the same IP address. Error status code 429.

Examples

Request:

  POST /api/v2/tokens/oauth HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "email": "foo@example.com",
    "password": "thepassword",
    "token_name": "the-name"
  }

If 2-factor authentication is required:
  POST /api/v2/tokens/oauth HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "email": "foo@example.com",
    "password": "thepassword",
    "token_name": "the-name",
    "otp": "123456"
  }

Response:

  HTTP/1.1 201 CREATED
  Location: /api/v2/tokens/oauth/the-key

  {
    "href": "/api/v2/tokens/oauth/the-key",
    "token_key": "token-key",
    "token_secret": "token-secret",
    "token_name": "token-name",
    "consumer_key": "consumer-key",
    "consumer_secret": "consumer-secret",
    "date_created": " :43:23",
    "date_updated": " :43:23"
  }

If credentials don't match:

  HTTP/1.1 401 UNAUTHORIZED

  {
    "code": "INVALID_CREDENTIALS",
    "message": "Your email/password isn't correct.",
    "extra": {}
  }

If 2-factor authentication is required:

  HTTP/1.1 401 UNAUTHORISED

  {
    "code": "TWOFACTOR_REQUIRED",
    "message": "This account requires 2-factor authentication.",
    "extra": {}
  }

Password reset token

A password reset token represents a token used to request a password reset. This token will be generated and an email will be sent to the user's preferred email address including a value that has to be provided when specifying the new password.
Data structure

Use cases

Create a password reset token

  POST /api/v2/tokens/password

Creates a new password reset token.

Form Parameters
  email: user's email address

Status Codes
  201 Created: token created
  403 Forbidden: account suspended
  403 Forbidden: account deactivated
  403 Forbidden: can not reset password
  403 Forbidden: email invalidated
  403 Forbidden: too many tokens

A consumer requesting a password reset token must provide an email address. This address will be used to look up the user's account in order to send the user an email containing a token that must be provided when setting the new password.

To prevent spamming unknowing users by sending multiple password reset emails, only a maximum amount of non-consumed tokens will be allowed to exist at any given time. When such limit is reached, attempting to create a new token will result in an error response.

Errors

ACCOUNT_SUSPENDED: Account has been suspended. Error status code 403.
ACCOUNT_DEACTIVATED: Account has been deactivated. Error status code 403.
EMAIL_INVALIDATED: This email address has been invalidated. Error status code 403.
CAN_NOT_RESET_PASSWORD: Can not reset password. Error status code 403.
TOO_MANY_TOKENS: Too many non-consumed tokens exist. Further token creation is not allowed until existing tokens expire or are consumed. Error status is 403.

Examples

Request:

  POST /api/v2/tokens/password HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "email": "foo@example.com"
  }

Response:

  HTTP/1.1 201 CREATED
  Location: /api/v2/tokens/password/the-key

  {
    "email": "foo@example.com"
  }

If too many tokens exist:

  HTTP/1.1 403 FORBIDDEN

  {
    "code": "TOO_MANY_TOKENS",
    "message": "Too many non-consumed tokens exist. Further token creation is not allowed until existing tokens expire or are consumed.",
    "extra": {}
  }

Macaroon

A macaroon is a bearer token with fine-grained constraints. See the original paper for details. Ubuntu SSO issues discharge macaroons, which can be bound to macaroons issued by other cooperating services to prove the user's identity.

Use cases

Issue a discharge macaroon

  POST /api/v2/tokens/discharge

Issues a new discharge macaroon.
Form Parameters
  email: user's email address
  password: user's password
  caveat_id: the caveat ID addressed to Ubuntu SSO from the macaroon that is to be discharged
  otp: one-time password (optional)

Status Codes
  200 OK: macaroon issued
  400 Bad Request: invalid request data
  401 Unauthorized: invalid credentials or otp password required
  403 Forbidden: invalid otp provided
  403 Forbidden: account is suspended or inactive
  403 Forbidden: email invalidated
  403 Forbidden: password does not meet security constraints

The service that issued the macaroon that this discharge is to be bound to should have included a caveat in that macaroon addressed to Ubuntu SSO. To issue an appropriate discharge macaroon, the caller must extract the ID of this caveat. This can be done in Python as follows:

  from pymacaroons import Macaroon

  def extract_caveat_id(macaroon_raw):
      macaroon = Macaroon.deserialize(macaroon_raw)
      # Only third-party caveats carry a location; pick the one addressed to Ubuntu SSO.
      for caveat in macaroon.caveats:
          if caveat.location == 'login.ubuntu.com':
              return caveat.caveat_id
      else:
          # for/else: the loop ran to completion without returning, so nothing matched.
          raise ValueError('No login.ubuntu.com caveat found')

If an otp (one-time password) is provided then it will be checked against any two factor devices registered for the account. If the otp does not match any devices then a 403 will be returned. If an otp is required for the account, but not sent, then a 401 will be returned.

Errors

INVALID_CREDENTIALS: Provided email/password is not correct. Error status code 401.
ACCOUNT_SUSPENDED: Account has been suspended. Error status code 403.
ACCOUNT_DEACTIVATED: Account has been deactivated. Error status code 403.
EMAIL_INVALIDATED: This email address has been invalidated. Error status code 403.
TWOFACTOR_REQUIRED: 2-factor authentication required. Error status code 401.
TWOFACTOR_FAILURE: The provided 2-factor key is not recognised. Error status code 403.
PASSWORD_POLICY_ERROR: The user's password doesn't comply with the security constraints in force for the account. It must be reset via the web. Error status code 403. The extra field includes:
  location: the domain to visit via the web to reset the password
  reason: the reason why the password doesn't comply with the policy
TOO_MANY_REQUESTS: Too many requests from the same IP address. Error status code 429.

Examples

Request:

  POST /api/v2/tokens/discharge HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "email": "foo@example.com",
    "password": "thepassword",
    "caveat_id": "{\"secret\": \"thesecret\", \"version\": 1}"
  }

If 2-factor authentication is required:

  POST /api/v2/tokens/discharge HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "email": "foo@example.com",
    "password": "the-password",
    "caveat_id": "{\"secret\": \"the-secret\", \"version\": 1}",
    "otp": "123456"
  }
Response:

  HTTP/1.1 200 OK

  {
    "discharge_macaroon": "the-macaroon"
  }

If credentials don't match:

  HTTP/1.1 401 UNAUTHORIZED

  {
    "error_list": [
      {
        "code": "invalid-credentials",
        "message": "Provided email/password is not correct."
      }
    ]
  }

If 2-factor authentication is required:

  HTTP/1.1 401 UNAUTHORIZED

  {
    "error_list": [
      {
        "code": "twofactor-required",
        "message": "2-factor authentication required."
      }
    ]
  }

Refresh a discharge macaroon

  POST /api/v2/tokens/refresh

Refreshes a discharge macaroon.

Form Parameters
  discharge_macaroon: the serialized macaroon to be refreshed

Status Codes
  200 OK: macaroon refreshed
  400 Bad Request: invalid request data
  401 Unauthorized: discharge macaroon does not verify
  403 Forbidden: account is inactive

Discharge macaroons are time-limited and must eventually be refreshed. The need for this will be indicated by an error response from the cooperating service. When this happens, the caller should send the old discharge macaroon to this endpoint, which will issue a refreshed version if the original credentials are still valid.
Among other reasons, the discharge macaroon may fail to verify if the user's password has changed since it was issued. In this case, the caller must request a new discharge macaroon.

Errors

INVALID_CREDENTIALS: The provided discharge macaroon is invalid, or the user's password has changed since the discharge macaroon was issued. Error status code 401.
ACCOUNT_DEACTIVATED: Account has been deactivated. Error status code 403.

Examples

Request:

  POST /api/v2/tokens/refresh HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "discharge_macaroon": "the-old-macaroon"
  }

Response:

  HTTP/1.1 200 OK

  {
    "discharge_macaroon": "the-new-macaroon"
  }

If the user's password has changed:

  HTTP/1.1 401 UNAUTHORIZED

  {
    "error_list": [
      {
        "code": "invalid-credentials",
        "message": "Provided email/password is not correct."
      }
    ]
  }
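The discharge flow above hinges on one step the pymacaroons snippet performs opaquely: finding, inside a serialized macaroon, the third-party caveat whose location is login.ubuntu.com, and sending its caveat_id (never the whole root macaroon) to /api/v2/tokens/discharge. The following is an added example, not code from the Canonical documentation or the SSO project. It does that step with the standard library only, so the packet layout is visible: it follows the version 1 (libmacaroons) format as I understand it, where each packet is a 4-hex-digit total length, a key, a space, the data and a newline, and the whole byte string is base64url without padding. It then builds the discharge request body, with otp included only when the account needs it. The dataclasses, the function names, the sample root macaroon from a hypothetical cooperating service and its placeholder signature bytes are all constructed here; the signature is not a real HMAC chain and nothing here verifies one.

```python
# Added example, not from the Canonical docs: stdlib-only parser for the
# version 1 (libmacaroons) macaroon layout, used to pull out the caveat ID
# addressed to login.ubuntu.com and build the discharge request body.
# All names, the sample macaroon and its placeholder signature are constructed here.
import base64
from dataclasses import dataclass, field
from typing import List, Optional

SSO_LOCATION = "login.ubuntu.com"


@dataclass
class Caveat:
    caveat_id: str
    location: Optional[str] = None  # only third-party caveats carry a location
    verification_id: bytes = b""    # likewise, only third-party caveats


@dataclass
class Macaroon:
    location: str
    identifier: str
    caveats: List[Caveat] = field(default_factory=list)
    signature: bytes = b""


def _packet(key: str, data: bytes) -> bytes:
    # Packet = 4 hex digits of total length + key + " " + data + "\n".
    body = key.encode() + b" " + data + b"\n"
    if 4 + len(body) > 0xFFFF:
        raise ValueError("packet too long")
    return f"{4 + len(body):04x}".encode() + body


def serialize_v1(m: Macaroon) -> str:
    raw = _packet("location", m.location.encode()) + _packet("identifier", m.identifier.encode())
    for c in m.caveats:
        raw += _packet("cid", c.caveat_id.encode())
        if c.location is not None:
            raw += _packet("vid", c.verification_id) + _packet("cl", c.location.encode())
    raw += _packet("signature", m.signature)
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _packets(raw: bytes):
    # Length-prefixed walk: raw vid/signature bytes may contain spaces or
    # newlines, so never split on those.
    pos = 0
    while pos < len(raw):
        length = int(raw[pos:pos + 4], 16)
        end = pos + length
        if length < 7 or end > len(raw) or raw[end - 1:end] != b"\n":
            raise ValueError("malformed packet")
        key, _, data = raw[pos + 4:end - 1].partition(b" ")
        yield key.decode(), data
        pos = end


def deserialize_v1(text: str) -> Macaroon:
    raw = base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))
    m = Macaroon(location="", identifier="")
    for key, data in _packets(raw):
        if key == "location":
            m.location = data.decode()
        elif key == "identifier":
            m.identifier = data.decode()
        elif key == "cid":
            m.caveats.append(Caveat(caveat_id=data.decode()))
        elif key == "vid" and m.caveats:
            m.caveats[-1].verification_id = data
        elif key == "cl" and m.caveats:
            m.caveats[-1].location = data.decode()
        elif key == "signature":
            m.signature = data
        else:
            raise ValueError(f"unexpected packet {key!r}")
    if len(m.signature) != 32:
        raise ValueError("missing or malformed signature")
    return m


def extract_caveat_id(macaroon_raw: str, location: str = SSO_LOCATION) -> str:
    """Same contract as the docs' pymacaroons helper, without the dependency."""
    for caveat in deserialize_v1(macaroon_raw).caveats:
        if caveat.location == location:
            return caveat.caveat_id
    raise ValueError(f"No {location} caveat found")


def discharge_request(email: str, password: str, macaroon_raw: str, otp: Optional[str] = None) -> dict:
    """Body for POST /api/v2/tokens/discharge; otp is sent only when the account needs it."""
    body = {"email": email, "password": password, "caveat_id": extract_caveat_id(macaroon_raw)}
    if otp is not None:
        body["otp"] = otp
    return body


# Constructed root macaroon from a hypothetical cooperating service; the
# signature bytes are a placeholder, not a real HMAC chain.
SAMPLE_ROOT = serialize_v1(Macaroon(
    location="service.example", identifier="root-key-id", signature=b"\x00" * 32,
    caveats=[Caveat(caveat_id="time-before 2018-12-31T00:00:00"),
             Caveat(caveat_id='{"secret": "thesecret", "version": 1}',
                    location=SSO_LOCATION, verification_id=b"\x01" * 24)]))
```

Only the caveat_id leaves the client; the root macaroon and its signature stay with the caller, which is what keeps the discharge useless to anyone who does not also hold the root. The parser refuses packets whose declared length does not land on a newline and refuses a macaroon without a 32-byte signature, so a truncated or hand-edited token fails before any caveat is trusted.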
Requests

A controller resource to operate on OAuth requests. This endpoint performs OAuth signature validation to allow external services to authenticate users via OAuth signed requests. Valid Tokens are those obtained from the OAuth token resource.

Data structure
  is_valid: boolean

If the OAuth signature provided is valid, a few extra fields are returned:
  identifier: identifier for the account owning the OAuth token used to sign the request
  account_verified: whether the account owning the OAuth token used to sign the request is verified or not

Use cases

Validate an OAuth signature

  POST /api/v2/requests/validate

Validates an OAuth signature.

Form Parameters
  http_url: the target url that was originally OAuth signed by a client
  http_method: the target http method that was originally OAuth signed
  authorization: the OAuth Authorization header resulting from OAuth signing the http request to the url http_url using method http_method

Status Codes
  200 OK: always, with a json-encoded body returning if signature is valid or not

This method does not require authentication, and returns whether the given OAuth signature is valid for the given http_url and http_method. If the authorization field is not present, the OAuth signature is expected to be present in http_url as part of the query string.

Examples

Request:

  POST /api/v2/requests/validate HTTP/1.1
  Host: login.ubuntu.com
  Accept: application/json

  {
    "http_url": "<the url that was signed>",
    "http_method": "GET",
    "authorization": "OAuth realm='some client', oauth_version='1.0', oauth_signature='oitso7pakzxodfsq
  }
Response:

If signature is valid:

  HTTP/1.1 200 OK

  {
    "is_valid": true,
    "identifier": "64we8bn",
    "account_verified": true
  }

If signature is not valid:

  HTTP/1.1 200 OK

  {
    "is_valid": false
  }
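The validate endpoint always answers 200, so a service using it must decide from the body, not the status, whether to trust the caller. The following is an added example, not code from the Canonical documentation or the SSO project, of how a cooperating service can authenticate an incoming OAuth 1.0a-signed request through /api/v2/requests/validate: it forwards the exact URL, method and Authorization header that were signed, fails closed when the validator is unreachable, and by default also requires account_verified. The transport is injected as a `post(url, json_body) -> (status, body)` callable (an assumption about shape, so the example runs offline); `validate_request`, `Unauthenticated`, the fake transports and the sample service URL are constructed here, and the fake answers reproduce the documented response bodies.

```python
# Added example, not from the Canonical docs: how a cooperating service can check an
# incoming OAuth 1.0a-signed request against POST /api/v2/requests/validate.
# `post` is an injected transport with the assumed shape post(url, json_body) -> (status, body);
# the fake transports below reproduce the documented response bodies so this runs offline.
from urllib.parse import urlsplit

SSO_VALIDATE_URL = "https://login.ubuntu.com/api/v2/requests/validate"


class Unauthenticated(Exception):
    """Raised when the request cannot be attributed to an SSO account."""


def validate_request(method, url, authorization_header, post, require_verified=True):
    """Return the SSO identifier of the account whose token signed the request.

    Raises Unauthenticated if the signature is absent, rejected, or cannot be
    checked. http_url and http_method must be exactly what the client signed:
    any normalisation (trailing slash, case) the service applies before this
    call will make a valid signature fail to verify.
    """
    payload = {"http_url": url, "http_method": method.upper()}
    if authorization_header:
        payload["authorization"] = authorization_header
    elif "oauth_signature=" not in urlsplit(url).query:
        # Without an Authorization header the docs expect the signature in the query string.
        raise Unauthenticated("request carries no OAuth signature")
    status, body = post(SSO_VALIDATE_URL, payload)
    if status != 200 or not isinstance(body, dict):
        # Fail closed: an unreachable or broken validator authenticates nobody.
        raise Unauthenticated(f"validator returned HTTP {status}")
    if body.get("is_valid") is not True:
        raise Unauthenticated("OAuth signature rejected")
    if require_verified and body.get("account_verified") is not True:
        raise Unauthenticated("account is not verified")
    return body["identifier"]


def fake_sso_post(url, payload):
    """Constructed transport: answers like the documented examples, keyed on the signature."""
    if url != SSO_VALIDATE_URL:
        return 404, None
    header = payload.get("authorization", "")
    if "oauth_signature='good'" in header:
        return 200, {"is_valid": True, "identifier": "64we8bn", "account_verified": True}
    if "oauth_signature='unverified'" in header:
        return 200, {"is_valid": True, "identifier": "newacct", "account_verified": False}
    return 200, {"is_valid": False}


def fake_outage_post(url, payload):
    """Constructed transport simulating the validator being down."""
    return 503, None


GOOD_HEADER = "OAuth realm='some client', oauth_version='1.0', oauth_signature='good'"

if __name__ == "__main__":
    who = validate_request("GET", "https://service.example/api/items", GOOD_HEADER, fake_sso_post)
    print("signed by", who)
```

In production the transport would wrap requests.post(url, json=payload, headers={"accept": "application/json"}) and return (response.status_code, response.json()), over TLS as the API requires; the `is ... True` comparisons are deliberate so that a truthy but malformed value (a string "false", for instance) is still treated as a rejection.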
CHAPTER 3: Registration

Registration is performed by creating an Account resource. Refer to Create an account for details.

Examples

  curl -d '{"email": "foo@example.com", "password": "thepassword", "displayname": "Foo Bar Baz"}' \
       -H '' \
       -X POST \
       https://login.ubuntu.com/api/v2/accounts
CHAPTER 4: Login

Login is performed by creating an OAuth token resource. Refer to Create an oauth token for details.

Examples

  curl -d '{"email": "foo@example.com", "password": "thepassword", "token_name": "foo-desktop"}' \
       -H '' \
       -X POST \
       https://login.ubuntu.com/api/v2/tokens/oauth
CHAPTER 5: Password reset

Password reset is initiated by creating a Password reset token resource. The user will receive an email containing a token, which is to be provided along with the new password to complete the reset procedure. Refer to Create a password reset token for details.

Examples

  curl -d '{"email": "foo@example.com"}' \
       -H '' \
       -X POST \
       https://login.ubuntu.com/api/v2/tokens/password
HTTP Routing Table

/api
  GET  /api/v2/emails/<email address>
  POST /api/v2/accounts
  POST /api/v2/requests/validate
  POST /api/v2/tokens/discharge
  POST /api/v2/tokens/oauth
  POST /api/v2/tokens/password
  POST /api/v2/tokens/refresh
More informationREST API: Guide for Implementers
REST API: Guide for Implementers Version 1.03 SP-API-REST-IG-201805--R001.03 Sage 2018. All rights reserved. This document contains information proprietary to Sage and may not be reproduced, disclosed,
More informationAPI Reference Manual
FUJITSU Cloud Service K5 API Reference Manual Version.5 FUJITSU LIMITED Preface Purpose of This Document This guide describes the specification of the API (Application Programming Interface) provided by
More informationExostar Identity Access Platform (SAM) User Guide September 2018
Exostar Identity Access Platform (SAM) User Guide September 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 INTRODUCTION... 4 SUMMARY... 4 Exostar IAM Platform (SAM) Organization and User Types...
More informationUsage of "OAuth2" policy action in CentraSite and Mediator
Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and
More informationSophos Mobile app groups interface guide. Product version: 7.1
Sophos Mobile app groups interface guide Product version: 7.1 Contents 1 About this guide...3 2 App reputation support...4 3 The app groups web service interface...5 4 API description...7 4.1 Log in...7
More informationBlueprint REST API Developer Guide
http://documentation.blueprintcloud.com Blueprint REST API Developer Guide 2017 Blueprint Software Systems Inc. All rights reserved 10/5/2017 Blueprint REST API Overview The Blueprint REST API allows you
More informationHeader Status Codes Cheat Sheet
Header Status Codes Cheat Sheet Thanks for downloading our header status codes cheat sheet! Below you ll find all the header status codes and their meanings. They are organized by sections, starting with
More informationAuthorization and Authentication
CHAPTER 2 Cisco WebEx Social API requests must come through an authorized API consumer and be issued by an authenticated Cisco WebEx Social user. The Cisco WebEx Social API uses the Open Authorization
More informationSecure Access Manager User Guide September 2017
Secure Access Manager User Guide September 2017 1 1 INTRODUCTION... 3 1.1 SUMMARY... 3 2 BASIC FUNCTIONS... 3 2.1 LOGIN TO YOUR SAM ACCOUNT... 3 2.1.1 How to Activate your Account... 3 2.1.2 How to Login
More informationSQLSplitter v Date:
SQLSplitter v2.0.1 Date: 2017-02-18 1 Contents Introduction... 3 Installation guide... 4 Create S3 bucket access policy... 4 Create a role for your SQLSplitter EC2 machine... 5 Set up your AWS Marketplace
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationFull-Time Logging In & Access Version 5.0
Full-Time Logging In & Access Version 5.0 Full-Time Logging In & Access Page 1 Logging In & Access From March 2016 onwards we have introduced a new system for logging in to Full-Time, to increase the security
More informationHow to Configure Authentication and Access Control (AAA)
How to Configure Authentication and Access Control (AAA) Overview The Barracuda Web Application Firewall provides features to implement user authentication and access control. You can create a virtual
More informationServer - The Tigo platform and urls associated with the api Client - Third party user with api access to the Tigo platform and/or Tigo api.
Tigo REST API V3 Introduction This api is used to work with the Tigo Energy platform to automate the retrieval and creation of elements. It will attempt to adhere to standard REST calls found in most REST
More informationAccount Activity Migration guide & set up
Account Activity Migration guide & set up Agenda 1 2 3 4 5 What is the Account Activity (AAAPI)? User Streams & Site Streams overview What s different & what s changing? How to migrate to AAAPI? Questions?
More informationExostar Identity Access Platform (SAM) User Guide July 2018
Exostar Identity Access Platform (SAM) User Guide July 2018 Copyright 2018 Exostar, LLC All rights reserved. 1 Version Impacts Date Owner Identity and Access Management Email Verification (Email OTP) July
More informationWriting REST APIs with OpenAPI and Swagger Ada
Writing REST APIs with OpenAPI and Swagger Ada Stéphane Carrez FOSDEM 2018 OpenAPI and Swagger Ada Introduction to OpenAPI and Swagger Writing a REST Ada client Writing a REST Ada server Handling security
More informationIBM Security Access Manager Version June Development topics IBM
IBM Security Access Manager Version 9.0.5 June 2018 Development topics IBM IBM Security Access Manager Version 9.0.5 June 2018 Development topics IBM ii IBM Security Access Manager Version 9.0.5 June
More informationIntegrating with ClearPass HTTP APIs
Integrating with ClearPass HTTP APIs HTTP based APIs The world of APIs is full concepts that are not immediately obvious to those of us without software development backgrounds and terms like REST, RPC,
More informationIBM Security Access Manager for Mobile Version Developer topics
IBM Security Access Manager for Mobile Version 8.0.0.5 Developer topics IBM Security Access Manager for Mobile Version 8.0.0.5 Developer topics ii IBM Security Access Manager for Mobile Version 8.0.0.5:
More informationRESTful API TLS/SSL. InCommon c/o Internet Oakbrook Drive, Suite 300 Ann Arbor MI, 48104
RESTful API TLS/SSL InCommon c/o Internet2 1000 Oakbrook Drive, Suite 300 Ann Arbor MI, 48104 Table of Contents Version History... 2 1 Introduction... 3 1.1 HTTP Methods... 3 1.2 HTTP Status Codes... 3
More informationEasily Secure your Microservices with Keycloak. Sébastien Blanc Red
Easily Secure your Microservices with Keycloak Sébastien Blanc Red Hat @sebi2706 Keycloak? Keycloak is an open source Identity and Access Management solution aimed at modern applications and services.
More informationAPI Specification Doc
API Specification Doc (SMS System Gateway) Version Date Description 1.0 01-Nov-2017 Initial draft 1.1 18-Feb-2018 Updated to include Delivery report call back options 1.2 10-Apr-2018 Appended API to include
More informationAccount Activity Migration guide & set up
Account Activity Migration guide & set up Agenda 1 2 3 4 5 What is the Account Activity (AAAPI)? User Streams & Site Streams overview What s different & what s changing? How to migrate to AAAPI? Questions?
More informationSalesforce IoT REST API Getting Started Guide
Salesforce IoT REST API Getting Started Guide Version 42.0, Spring 18 @salesforcedocs Last updated: March 9, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationSecuring APIs and Microservices with OAuth and OpenID Connect
Securing APIs and Microservices with OAuth and OpenID Connect By Travis Spencer, CEO @travisspencer, @curityio Organizers and founders ü All API Conferences ü API Community ü Active blogosphere 2018 Platform
More informationSecure Access Manager (SAM) Administrator Guide December 2017
Secure Access Manager (SAM) Administrator Guide December 2017 Copyright 2017 Exostar, LLC All rights reserved. 1 SECURE ACCESS MANAGER (SAM) OVERVIEW... 4 ADMINISTRATIVE ROLES OVERVIEW... 4 SAM NAVIGATIONAL
More informationE POSTBUSINESS API Login-API Reference. Version 1.1
E POSTBUSINESS API Login-API Reference Imprint Software and documentation are protected by copyright and may not be copied, reproduced, stored, translated, or otherwise reproduced without the written approval
More informationCloud Elements CRM Hub Provisioning and Usage Guide
Cloud Elements CRM Hub Provisioning and Usage Guide API Version 2.0 Page!1 Introduction The CRM Hub provides a uniform API that allows applications to use various endpoints such as Salesforce, Zoho, SugarCRM,
More informationSAS Event Stream Processing 4.2: Security
SAS Event Stream Processing 4.2: Security Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically, you
More informationSalesforce Mobile App Security Guide
Salesforce Mobile App Security Guide Version 3, 0 @salesforcedocs Last updated: October 11, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered trademark of salesforce.com,
More informationEMS Platform Services Installation & Configuration Guides
EMS Platform Services Installation & Configuration Guides V44.1 Last Updated: August 7, 2018 EMS Software emssoftware.com/help 800.440.3994 2018 EMS Software, LLC. All Rights Reserved. Table of Contents
More informationAdvanced API Security
Advanced API Security ITANA Group Nuwan Dias Architect 22/06/2017 Agenda 2 HTTP Basic Authentication Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 3 API Security is about controlling Access Delegation
More informationvrealize Log Insight Developer Resources
vrealize Log Insight Developer Resources vrealize Log Insight 4.3 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new
More informationSophos Mobile. app groups interface guide. Product Version: 8.5
app groups interface guide Product Version: 8.5 Contents About this guide... 1 App reputation support...2 The app groups web service interface... 3 API description... 5 Log in...5 Log out...6 Create app
More informationvrealize Log Insight Developer Resources Update 1 Modified on 03 SEP 2017 vrealize Log Insight 4.0
vrealize Log Insight Developer Resources Update 1 Modified on 03 SEP 2017 vrealize Log Insight 4.0 You can find the most up-to-date technical documentation on the VMware website at: https://docs.vmware.com/
More informationPostgreSQL as REST API Server without coding. Priya
PostgreSQL as REST API Server without coding Priya Ranjan @ranjanprj API Future of Application Development APIs are prerequisite for innovation Microservices provide APIs in a bounded context Existing
More informationSAS Event Stream Processing 4.3: Security
SAS Event Stream Processing 4.3: Security Enabling Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically,
More informationInformation About SIP Compliance with RFC 3261
APPENDIX A Information About SIP Compliance with RFC 3261 This appendix describes how the Cisco SIP IP phone complies with the IETF definition of SIP as described in RFC 3261. It has compliance information
More informationIaaS API Reference (Management Administration)
FUJITSU Cloud Service K5 IaaS API Reference (Management Administration) Version 1.18 FUJITSU LIMITED All Rights Reserved, Copyright FUJITSU LIMITED 2015-2018 K5IA-DC-M-001-001E Preface Structure of the
More informationPatch Server for Jamf Pro Documentation
Patch Server for Jamf Pro Documentation Release 0.7.0 Bryson Tyrrell Mar 16, 2018 Contents 1 Change History 3 2 Setup the Patch Server Web Application 7 3 Add Your Patch Server to Jamf Pro 11 4 API Authentication
More information[GSoC Proposal] Securing Airavata API
[GSoC Proposal] Securing Airavata API TITLE: Securing AIRAVATA API ABSTRACT: The goal of this project is to design and implement the solution for securing AIRAVATA API. Particularly, this includes authenticating
More informationAuthentication CS 4720 Mobile Application Development
Authentication Mobile Application Development System Security Human: social engineering attacks Physical: steal the server itself Network: treat your server like a 2 year old Operating System: the war
More informationREST API Operations. 8.0 Release. 12/1/2015 Version 8.0.0
REST API Operations 8.0 Release 12/1/2015 Version 8.0.0 Table of Contents Business Object Operations... 3 Search Operations... 6 Security Operations... 8 Service Operations... 11 Business Object Operations
More informationSalesforce1 Mobile Security White Paper. Revised: April 2014
Salesforce1 Mobile Security White Paper Revised: April 2014 Table of Contents Introduction Salesforce1 Architecture Overview Authorization and Permissions Communication Security Authentication OAuth Pairing
More informationBlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide
BlackBerry AtHoc Networked Crisis Communication BlackBerry AtHoc API Quick Start Guide Release 7.6, September 2018 Copyright 2018 BlackBerry Limited. All Rights Reserved. This document may not be copied,
More informationOAuth and OpenID Connect (IN PLAIN ENGLISH)
OAuth and OpenID Connect (IN PLAIN ENGLISH) NATE BARBETTINI @NBARBETTINI @OKTADEV A lot of confusion around OAuth. Terminology and jargon Incorrect advice Identity use cases (circa 2007) Simple login forms
More informationChatWork API Documentation
ChatWork API Documentation 1. What s ChatWork API? 2. ChatWork API Endpoints 3. OAuth 4. Webhook What s ChatWork API? ChatWork API is an API provided for developers to programmatically interact with ChatWork's
More informationSalesforce Integration User Guide. Cvent, Inc 1765 Greensboro Station Place McLean, VA
Salesforce Integration User Guide 2017 Cvent, Inc 1765 Greensboro Station Place McLean, VA 22102 www.cvent.com Contents Salesforce Integration User Guide... 3 Setting Up Your Account... 4 Helpful Hints...
More informationMobile Procurement REST API (MOBPROC): Access Tokens
Mobile Procurement REST API (MOBPROC): Access Tokens Tangoe, Inc. 35 Executive Blvd. Orange, CT 06477 +1.203.859.9300 www.tangoe.com TABLE OF CONTENTS HOW TO REQUEST AN ACCESS TOKEN USING THE PASSWORD
More informationvcloud Air Platform Programmer's Guide
vcloud Air Platform Programmer's Guide vcloud Air OnDemand 5.7 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new edition.
More informationREST Admin API. Note: Version 9.X or higher is required for the support of REST API. Version /17
REST Admin API Setup Each application that will communicate to the SecurAccess server via the REST API interface will require authorisation as a trusted source, located under Config/REST API from the SecurEnvoy
More informationDigiCert User Guide (GÉANT)
DigiCert User Guide (GÉANT) Version 8.3 Table of Contents 1 User Management... 10 1.1 Roles and Account Access... 10 1.1.1 Administrator Role... 10 1.1.2 User Role... 10 1.1.3 EV Verified User... 10 1.1.4
More informationC U B I T S. API DOCUMENTATION Version 1.8
C U B I T S API DOCUMENTATION Version 1.8 Table of Contents Table of Contents Introduction Request and Response Format Authentication Callbacks User language selection Test Invoices Channels Quote Channels
More informationBuilding the Modern Research Data Portal. Developer Tutorial
Building the Modern Research Data Portal Developer Tutorial Thank you to our sponsors! U. S. DEPARTMENT OF ENERGY 2 Presentation material available at www.globusworld.org/workshop2016 bit.ly/globus-2016
More informationEnhancing cloud applications by using external authentication services. 2015, 2016 IBM Corporation
Enhancing cloud applications by using external authentication services After you complete this section, you should understand: Terminology such as authentication, identity, and ID token The benefits of
More informationStorageGRID Webscale 11.0 Administrator Guide
StorageGRID Webscale 11.0 Administrator Guide January 2018 215-12402_C0 doccomments@netapp.com Table of Contents 3 Contents Understanding the StorageGRID Webscale system... 8 What the StorageGRID Webscale
More informationDeploying OAuth with Cisco Collaboration Solution Release 12.0
White Paper Deploying OAuth with Cisco Collaboration Solution Release 12.0 Authors: Bryan Morris, Kevin Roarty (Collaboration Technical Marketing) Last Updated: December 2017 This document describes the
More informationIBM Security Access Manager Version 9.0 October Product overview IBM
IBM Security Access Manager Version 9.0 October 2015 Product overview IBM IBM Security Access Manager Version 9.0 October 2015 Product overview IBM ii IBM Security Access Manager Version 9.0 October 2015:
More informationAzure Developer Immersions API Management
Azure Developer Immersions API Management Azure provides two sets of services for Web APIs: API Apps and API Management. You re already using the first of these. Although you created a Web App and not
More informationGuide to your CGIAR Network account Self Service tool
Guide to your CGIAR Network account Self Service tool The self-service tool allows you to: Change Password: Change your current password from anywhere using your web browser. Reset Password: Reset your
More informationpenelope case management software AUTHENTICATION GUIDE v4.4 and higher
penelope case management software AUTHENTICATION GUIDE v4.4 and higher Last modified: August 9, 2016 TABLE OF CONTENTS Authentication: The basics... 4 About authentication... 4 SSO authentication... 4
More informationIBM Security Access Manager Version 9.0 October Development topics IBM
IBM Security Access Manager Version 9.0 October 2015 Development topics IBM IBM Security Access Manager Version 9.0 October 2015 Development topics IBM ii IBM Security Access Manager Version 9.0 October
More informationflask-jwt-extended Documentation
flask-jwt-extended Documentation Release 3.10.0 vimalloc rlam3 Jun 29, 2018 Contents 1 Installation 1 2 Basic Usage 3 3 Partially protecting routes 5 4 Storing Data in Access Tokens 7 5 Tokens from Complex
More informationOAuth2lib. implementation
OAuth2lib http://tools.ietf.org/html/ietf-oauth-v2-08 implementation 24 Junio 2010 Índice de contenido Oauth2lib v05...1 Introduction...3 Documentation...4 OAuth2 Assertion Flow...4 Authorization Flow...4
More informationPrivacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras
Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 08 Tutorial 2, Part 2, Facebook API (Refer Slide Time: 00:12)
More information