Using OAuth 2.0 to Access ionbiz APIs
|
|
- Jessie Nash
- 5 years ago
- Views:
Transcription
1 Using OAuth 2.0 to Access ionbiz APIs ionbiz APIs use the OAuth 2.0 protocol for authentication and authorization. ionbiz supports common OAuth 2.0 scenarios such as those for web server, installed, and client-side applications. OAuth 2.0 is a relatively simple protocol. To begin, you obtain OAuth 2.0 credentials from the Applications page inside ionbiz site. Then your client application requests an access token from the ionbiz Authorization Server, extracts a token from the response, and sends the token to the ionbiz API that you want to access. This page gives an overview of the OAuth 2.0 authorization scenarios that ionbiz supports, and provides links to more detailed content. Note: Given the security implications of getting the implementation correct, we strongly encourage you to use OAuth 2.0 libraries when interacting with ionbiz's OAuth 2.0 endpoints. It is a best practice to use well-debugged code provided by others, and it will help you protect yourself and your users. For more information, see Client libraries. Basic steps All applications follow a basic pattern when accessing a ionbiz API using OAuth 2.0. At a high level, you follow four steps: 1. Obtain OAuth 2.0 credentials from the ionbiz site. Visit the Application page from ionbiz site to obtain OAuth 2.0 credentials such as a client ID and client SECRET that are known to both ionbiz and your application. The set of values varies based on what type of application you are building. For example, a JavaScript application does not require a secret, but a web server application does. 2. Obtain an access token from the ionbiz Authorization Server. Before your application can access private data using a ionbiz API, it must obtain an access token that grants access to that API. A single access token can grant varying degrees of access to multiple APIs. A variable parameter called scope controls the set of resources and operations that an access token permits. During the access-token request, your application sends one or more values in the scope parameter.
2 There are several ways to make this request, and they vary based on the type of application you are building. For example, a JavaScript application might request an access token using a browser redirect to ionbiz, while an application installed on a device that has no browser uses web service requests. Some requests require an authentication step where the user logs in with their ionbiz account. After logging in, the user is asked whether they are willing to grant the permissions that your application is requesting. This process is called user consent. If the user grants the permission, the ionbiz Authorization Server sends your application an access token (or an authorization code that your application can use to obtain an access token). If the user does not grant the permission, the server returns an error. 3. Send the access token to an API. After an application obtains an access token, it sends the token to a ionbiz API in an HTTP authorization header. It is possible to send tokens as URI query-string parameters, but we don't recommend it, because URI parameters can end up in log files that are not completely secure. Also, it is good REST practice to avoid creating unnecessary URI parameter names. Access tokens are valid only for the set of operations and resources described in the scope of the token request. For example, if an access token is issued for the ionbiz Resources API, it does not grant access to the ionbiz Projects API. 4. Refresh the access token, if necessary. Access tokens have limited lifetimes. If your application needs access to a ionbiz API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens. Note: Save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working.
3 Scenarios A. Service accounts Your application can authenticate using the client_id and secret. In these situations your application needs to prove its own identity to the API, but no user consent is necessary. Similarly, in enterprise scenarios, your application can request delegated access to some resources. For these types of server-to-server interactions you need a service account, which is an account that belongs to your application instead of to an individual end-user. Your application calls ionbiz APIs on behalf of the service account, and user consent is not required. (In non-service-account scenarios, your application calls ionbiz APIs on behalf of end-users, and user consent is sometimes required.) Note: These service-account scenarios require applications to create and encode the client_id and secret. We strongly encourage you to use a library to perform these tasks. If you write this code without using a library, you might make errors that would have a severe impact on the security of your application. For a list of libraries that support this scenario, see the OAuth 2.0 site. A service account's credentials, which you obtain from the ionbiz site, a client ID and a client secret. You use the client ID and secret to create the token request. Your application then sends the token request to the ionbiz OAuth 2.0 Authorization Server, which returns an access token. The application uses the token to access a ionbiz API. When the token expires, the application repeats the process.
4 Example access token request POST HTTP/1.1 Host: localhost:1186 Content-Length: 93 User-Agent: Fidler Content-Type: application/x-www-form-urlencoded scope=r_resource&grant_type=client_credentials&client_id=={client_id}&client_secret={client_se cret}&state=anystate r_resource->read resources Example Result HTTP/ OK Status: 200 OK Content-Type: application/json; charset=utf-8... Content-Encoding: gzip Content-Length: 140 {"token_type":"bearer","access_token":"aaaa%2faaa%3da","expires_in":"28800"} B. Web server applications The ionbiz OAuth 2.0 endpoint supports web server applications that use languages and frameworks such as PHP, Java, Python, Ruby, and ASP.NET. The authorization sequence begins when your application redirects a browser to a ionbiz URL; the URL includes query parameters that indicate the type of access being requested. ionbiz handles the user authentication, session selection, and user consent. The result is an authorization code, which the application can exchange for an access token and a refresh token. The application should store the refresh token for future use and use the access token to access a ionbiz API. Once the access token expires, the application uses the refresh token to obtain a new one.
5 Flow example: 1. Authorization code request The web application redirects a browser to an authorization code end point with a set of query parameters, which are required by an authorization server. The parameters response_type,client_id, redirect_uri and scope must be present. And state is an optional parameter. Response_type must have value code. Client_id is the identifier of the calling client. Redirect_uri is the URI to which the user agent will be redirected within the authorization response message. This URI must be same as the URI, which registered by the client at the authorization server. Scope contains which resources requested by this client (separated by space). State is normally used by the client to maintain state between request and callback. An example URL is shown below. response_type=code& client_id=oauth_client& redirect_uri= scope=r_project& state=anystate 2. Authorization code response If the user allows the access, a response containing an authorization code and the state parameter (if included in the request) will be sent to the redirect_uri as specified in the request. If the user decline the request, an error message will be sent back.
6 A successful response: ystate An error response: 3. Access token request After the client receives the authorization code, it is able to create access token request. This request is an HTTPs POST request, and must contain parameters: grant_type, code, andredirect_uri in the HTTP body. Grant_type must have authorization_code as value. The received authorization code is set as value into the parameter code. Reditect_uri is the URI, which the client used to get the access token response. This URI must be same as the originally redirect_uri within the authorization request. For authentication the client, it must include its client credentials (client_id and client_secret) in the HTTP header of the reqeust as authorization header. And the request should use application/x-www-form-urlencoded for Content-type in the request, which is included in the HTTP header. Example request: https POST HTTP/1.1 Authorization: Basic TE... Content-type: application/x-www-form-urlencoded grant_type=authorization_code& code=aby-pywahukq_mbk9cxbyv8bedkb9az1qzkupbs84fq4phkh& redirect_uri= 4. Access token response The authorization server will build a JSON formatted access token response including the parameters access_token, token_type, expires_in and scope after successful validating the access token request. A successful access token response example: HTTP/ OK Content-Type: application/json;charset=utf-8 Cache-Control: no-store Pragma: no-cache { } "access_token":"a...", "token_type":"bearer", "expires_in":"3600", "scope":"r_project"
7 Token expiration You should write your code to anticipate the possibility that a granted token might no longer work. A token might stop working for one of these reasons: The user has revoked access. The expiration period elapses Make an API call With a valid access token in hand, you're ready to make a request to a REST interface. Below is call to get all resources from ionbiz. The simple request uses only the required input fields. The access token is an OAuth bearer token, and is included in the header of your requests with the following syntax: Authorization: Bearer <Access-Token>. Important: You must supply a valid access token to complete this request (generate a valid token using the example call above). Example ionbiz get all resources request GET /api/resources/getlist Host: Authorization: Bearer AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%2FAAAAAAAAAAAA A fully list of REST API operations and their signatures can be checked under API reference page (ionbizsite/apis-explorer) Examples:
8 resources: create, update, delete and view GET /api/resources/get/{id} GET /api/resources/getlist PUT /api/resources/update POST /api/resources/add DELETE /api/resources/delete/{id} projects: create, update, delete and view GET /api/projects/get/{id} GET /api/projects/getlist PUT /api/projects/update POST /api/projects/add DELETE /api/projects/delete/{id}
API Gateway. Version 7.5.1
O A U T H U S E R G U I D E API Gateway Version 7.5.1 15 September 2017 Copyright 2017 Axway All rights reserved. This documentation describes the following Axway software: Axway API Gateway 7.5.1 No part
More informationAruba Central Application Programming Interface
Aruba Central Application Programming Interface User Guide Copyright Information Copyright 2016 Hewlett Packard Enterprise Development LP. Open Source Code This product includes code licensed under the
More informationIntegrating with ClearPass HTTP APIs
Integrating with ClearPass HTTP APIs HTTP based APIs The world of APIs is full concepts that are not immediately obvious to those of us without software development backgrounds and terms like REST, RPC,
More informationINTEGRATION MANUAL DOCUMENTATION E-COMMERCE
INTEGRATION MANUAL DOCUMENTATION E-COMMERCE LOGIN: In order to use Inkapay's e-commerce payment API you should be registered and verified on Inkapay, otherwise you can do this by entering to www.inkapay.com.
More informationMobile Procurement REST API (MOBPROC): Access Tokens
Mobile Procurement REST API (MOBPROC): Access Tokens Tangoe, Inc. 35 Executive Blvd. Orange, CT 06477 +1.203.859.9300 www.tangoe.com TABLE OF CONTENTS HOW TO REQUEST AN ACCESS TOKEN USING THE PASSWORD
More informationE POSTBUSINESS API Login-API Reference. Version 1.1
E POSTBUSINESS API Login-API Reference Imprint Software and documentation are protected by copyright and may not be copied, reproduced, stored, translated, or otherwise reproduced without the written approval
More informationOAuth and OpenID Connect (IN PLAIN ENGLISH)
OAuth and OpenID Connect (IN PLAIN ENGLISH) NATE BARBETTINI @NBARBETTINI @OKTADEV A lot of confusion around OAuth. Terminology and jargon Incorrect advice Identity use cases (circa 2007) Simple login forms
More informationOracle Fusion Middleware. API Gateway OAuth User Guide 11g Release 2 ( )
Oracle Fusion Middleware API Gateway OAuth User Guide 11g Release 2 (11.1.2.2.0) August 2013 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.2.0) Copyright 1999, 2013, Oracle and/or its affiliates.
More informationBlackBerry AtHoc Networked Crisis Communication. BlackBerry AtHoc API Quick Start Guide
BlackBerry AtHoc Networked Crisis Communication BlackBerry AtHoc API Quick Start Guide Release 7.6, September 2018 Copyright 2018 BlackBerry Limited. All Rights Reserved. This document may not be copied,
More informationNetIQ Access Manager 4.3. REST API Guide
NetIQ Access Manager 4.3 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3
More informationClickToCall SkypeTest Documentation
ClickToCall SkypeTest Documentation Release 0.0.1 Andrea Mucci August 04, 2015 Contents 1 Requirements 3 2 Installation 5 3 Database Installation 7 4 Usage 9 5 Contents 11 5.1 REST API................................................
More informationProtect Your API with OAuth 2. Rob Allen
Protect Your API with OAuth 2 Authentication Know who is logging into your API Rate limiting Revoke application access if its a problem Allow users to revoke 3rd party applications How? Authorization header:
More informationConnect. explained. Vladimir Dzhuvinov. :
Connect explained Vladimir Dzhuvinov Email: vladimir@dzhuvinov.com : Twitter: @dzhivinov Married for 15 years to Java C Python JavaScript JavaScript on a bad day So what is OpenID Connect? OpenID Connect
More informationHKWirelessHD API Specification
HKWirelessHD API Specification Release 1.0 Harman International June 22, 2016 Contents 1 Overview 3 2 Contents 5 2.1 Introduction............................................... 5 2.2 HKWirelessHD Architecture
More informationfredag 7 september 12 OpenID Connect
OpenID Connect OpenID Connect Necessity for communication - information about the other part Trust management not solved! (1) OP discovery The user provides an identifier (for instance an email address)
More informationInland Revenue. Build Pack. Identity and Access Services. Date: 04/09/2017 Version: 1.5 IN CONFIDENCE
Inland Revenue Build Pack Identity and Access Services Date: 04/09/2017 Version: 1.5 IN CONFIDENCE About this Document This document is intended to provide Service Providers with the technical detail required
More informationThe production version of your service API must be served over HTTPS.
This document specifies how to implement an API for your service according to the IFTTT Service Protocol. It is recommended that you treat this document as a reference and follow the workflow outlined
More informationovirt SSO Specification
ovirt SSO Specification Behavior Changes End user visible changes The password delegation checkbox at user portal login is now a profile setting. Sysadmin visible changes Apache negotiation URL change
More informationLogin with Amazon. Developer Guide for Websites
Login with Amazon Developer Guide for Websites Login with Amazon: Developer Guide for Websites Copyright 2017 Amazon Services, LLC or its affiliates. All rights reserved. Amazon and the Amazon logo are
More informationThe OAuth 2.0 Authorization Protocol
The OAuth 2.0 Authorization Protocol Abstract The OAuth 2.0 authorization protocol enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by
More informationChatWork API Documentation
ChatWork API Documentation 1. What s ChatWork API? 2. ChatWork API Endpoints 3. OAuth 4. Webhook What s ChatWork API? ChatWork API is an API provided for developers to programmatically interact with ChatWork's
More informationNetIQ Access Manager 4.4. REST API Guide
NetIQ Access Manager 4.4 REST API Guide Contents 1. Introduction... 3 2. API Overview... 3 3 Administration APIs... 3 3.1 Accessing the Administration APIs... 3 3.2 Detailed API Documentation... 4 3.3
More informationWEB API. Nuki Home Solutions GmbH. Münzgrabenstraße 92/ Graz Austria F
WEB API v 1. 1 0 8. 0 5. 2 0 1 8 1. Introduction 2. Calling URL 3. Swagger Interface Example API call through Swagger 4. Authentication API Tokens OAuth 2 Code Flow OAuth2 Authentication Example 1. Authorization
More informationLogin with Amazon. Developer Guide API Version
Login with Amazon Developer Guide API Version 2013-01-03 Login with Amazon: Developer Guide Copyright 2013 Amazon Services, LLC or its affiliates. All rights reserved. The following are trademarks or registered
More informationOracle Fusion Middleware. Oracle API Gateway OAuth User Guide 11g Release 2 ( )
Oracle Fusion Middleware Oracle API Gateway OAuth User Guide 11g Release 2 (11.1.2.3.0) April 2014 Oracle API Gateway OAuth User Guide, 11g Release 2 (11.1.2.3.0) Copyright 1999, 2014, Oracle and/or its
More informationWeb Based Single Sign-On and Access Control
0-- Web Based Single Sign-On and Access Control Different username and password for each website Typically, passwords will be reused will be weak will be written down Many websites to attack when looking
More informationThe OAuth 2.0 Authorization Framework draft-ietf-oauth-v2-30
OAuth Working Group D. Hardt, Ed. Internet-Draft Microsoft Obsoletes: 5849 (if approved) D. Recordon Intended status: Standards Track Facebook Expires: January 16, 2013 July 15, 2012 The OAuth 2.0 Authorization
More informationGPII Security. Washington DC, November 2015
GPII Security Washington DC, November 2015 Outline User data User's device GPII Configuration use cases Preferences access and privacy filtering Work still to do Demo GPII User Data Preferences Device
More informationTELIA OPERATOR SERVICE PLATFORM
TELIA OPERATOR SERVICE PLATFORM OMA Authorization REST API Guide Copyright 2017 Aepona Limited, and copyright 2017 Telia All rights reserved by respective owners. Revision: 6.0 Legal Information Legal
More informationTutorial: Building the Services Ecosystem
Tutorial: Building the Services Ecosystem GlobusWorld 2018 Steve Tuecke tuecke@globus.org What is a services ecosystem? Anybody can build services with secure REST APIs App Globus Transfer Your Service
More informationAdvanced API Security
Advanced API Security ITANA Group Nuwan Dias Architect 22/06/2017 Agenda 2 HTTP Basic Authentication Authorization: Basic QWxhZGRpbjpPcGVuU2VzYW1l 3 API Security is about controlling Access Delegation
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding Table of Contents Table of Contents 1 List of Figures 2 1 FAS as an authorization server 3 2 OpenID Connect Authorization Code Request and Response
More information[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol
[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft
More informationNIELSEN API PORTAL USER REGISTRATION GUIDE
NIELSEN API PORTAL USER REGISTRATION GUIDE 1 INTRODUCTION In order to access the Nielsen API Portal services, there are three steps that need to be followed sequentially by the user: 1. User Registration
More informationOpenID Connect Opens the Door to SAS Viya APIs
Paper SAS1737-2018 OpenID Connect Opens the Door to SAS Viya APIs Mike Roda, SAS Institute Inc. ABSTRACT As part of the strategy to be open and cloud-ready, SAS Viya services leverage OAuth and OpenID
More informationRealtime API. API Version: Document Revision: 16 Last change:26 October Kwebbl Swiss Software House GmbH
Realtime API API Version: 1.0.0 Document Revision: 16 Last change:26 October 2016 Kwebbl Swiss Software House GmbH Haldenstrasse 5 6340 Baar info@kwebbl.com Switzerland www.kwebbl.com Table of Contents
More informationFAS Authorization Server - OpenID Connect Onboarding
FAS Authorization Server - OpenID Connect Onboarding 1 Table of Content FAS as an authorization server 3 1 OpenID Connect Authorization Code Request and Response 4 1.1 OPENID CONNECT AUTHORIZATION CODE
More information[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol
[MS-ADFSOAL]: Active Directory Federation Services OAuth Authorization Code Lookup Protocol Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft
More informationNewscoop API Documentation
Newscoop API Documentation Release 4.2.1 SW, PM February 04, 2016 Contents 1 Getting Started with the Newscoop RESTful API 3 1.1 Pre Authentication Setup......................................... 3 1.2
More informationAuthorization and Authentication
CHAPTER 2 Cisco WebEx Social API requests must come through an authorized API consumer and be issued by an authenticated Cisco WebEx Social user. The Cisco WebEx Social API uses the Open Authorization
More informationSalesforce IoT REST API Getting Started Guide
Salesforce IoT REST API Getting Started Guide Version 42.0, Spring 18 @salesforcedocs Last updated: March 9, 2018 Copyright 2000 2018 salesforce.com, inc. All rights reserved. Salesforce is a registered
More informationOAuth 2.0 Guide. ForgeRock Access Management 5.1. ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA (US)
OAuth 2.0 Guide ForgeRock Access Management 5.1 ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100 (US) www.forgerock.com Copyright 2011-2017 ForgeRock AS. Abstract Guide
More informationNordea e-identification Service description
Nordea e-identification Service description October 2018 1 Change log Version Description/ Changes 1.0 Initial version 1.1 Minor updates to examples & service hours October 2018 2 Contents Change log...
More informationUsage of "OAuth2" policy action in CentraSite and Mediator
Usage of "OAuth2" policy action in CentraSite and Mediator Introduction Prerequisite Configurations Mediator Configurations watt.server.auth.skipformediator The pg.oauth2 Parameters Asset Creation and
More informationIdentity & Authorization Management (I.AM) Mobile integration Technical specifications. Version 1.1
Identity & Authorization Management (I.AM) Mobile integration Technical specifications Version 1.1 This document is provided to you free of charge by the ehealth platform Willebroekkaai 38 38, Quai de
More informationAT&T Developer Best Practices Guide
Version 1.2 June 6, 2018 Developer Delivery Team (DDT) Legal Disclaimer This document and the information contained herein (collectively, the "Information") is provided to you (both the individual receiving
More informationStateless Microservice Security via JWT, TomEE and MicroProfile
Stateless Microservice Security via JWT, TomEE and MicroProfile Jean-Louis Monteiro Tomitribe Why am I here today? Microservices architecture case Security opeons OAuth2 with JWT HTTP Signatures Demo with
More informationsanction Documentation
sanction Documentation Release 0.4 Demian Brecht May 14, 2014 Contents 1 Overview 3 2 Quickstart 5 2.1 Instantiation............................................... 5 2.2 Authorization Request..........................................
More informationpython-oauth2 Documentation
python-oauth2 Documentation Release 2.0.0 Markus Meyer Oct 07, 2017 Contents 1 Usage 3 2 Installation 5 3 oauth2.grant Grant classes and helpers 7 3.1 Three-legged OAuth...........................................
More information[MS-OAUTH2EX]: OAuth 2.0 Authentication Protocol Extensions. Intellectual Property Rights Notice for Open Specifications Documentation
[MS-OAUTH2EX]: Intellectual Property Rights Notice for Open Specifications Documentation Technical Documentation. Microsoft publishes Open Specifications documentation for protocols, file formats, languages,
More informationIdentity and Data Access: OpenID & OAuth
Feedback: http://goo.gl/dpubh #io2011 #TechTalk Identity and Data Access: OpenID & OAuth Ryan Boyd @ryguyrg https://profiles.google.com/ryanboyd May 11th 2011 Agenda Feedback: http://goo.gl/dpubh #io2011
More informationThe PureEngage Cloud API. Jim Crespino Director, Developer Enablement
The PureEngage Cloud API Jim Crespino Director, Developer Enablement The PureEngage Cloud API Analogous to the Platform SDK for PureEngage Premise Monolithic (v8.5) -> Microservices (v9.0) Architecture
More informationBuilding the Modern Research Data Portal using the Globus Platform. Rachana Ananthakrishnan GlobusWorld 2017
Building the Modern Research Data Portal using the Globus Platform Rachana Ananthakrishnan rachana@globus.org GlobusWorld 2017 Platform Questions How do you leverage Globus services in your own applications?
More informationOAuth at Interactive Brokers
OAuth at Interactive Brokers November 9, 2017 1 Consumer Registration Consumers will need to provide the following in order to register as an authorized oauth consumer with Interactive Brokers. 1. A 2048-bit
More informationOAuth 2.0 Guide. ForgeRock Access Management 5.5. ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA (US)
OAuth 2.0 Guide ForgeRock Access Management 5.5 ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100 (US) www.forgerock.com Copyright 2011-2017 ForgeRock AS. Abstract Guide
More informationIf the presented credentials are valid server will respond with a success response:
Telema EDI REST API Telema EDI REST API allows client to send and receive document to and from Telema server. In order to use EDI REST API client must have correct channel configured in Telema system.
More informationdjango-oauth2-provider Documentation
django-oauth2-provider Documentation Release 0.2.7-dev Alen Mujezinovic Aug 16, 2017 Contents 1 Getting started 3 1.1 Getting started.............................................. 3 2 API 5 2.1 provider.................................................
More informationPowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility
PowerExchange for Facebook: How to Configure Open Authentication using the OAuth Utility 2013 Informatica Corporation. No part of this document may be reproduced or transmitted in any form, by any means
More informationImgur.API Documentation
Imgur.API Documentation Release 3.7.0 Damien Dennehy May 13, 2017 Contents 1 Quick Start 3 1.1 Get Image................................................ 3 1.2 Get Image (synchronously - not recommended).............................
More informationLogin with Amazon. Getting Started Guide for Websites
Login with Amazon Getting Started Guide for Websites Login with Amazon: Getting Started Guide for Websites Copyright 2017 Amazon Services, LLC or its affiliates. All rights reserved. Amazon and the Amazon
More informationJPX Data Cloud API Specifications
JPX Data Cloud API Specifications February 2015 TOKYO STOCK EXCHANGE Copyright 2015 Japan Exchange Group, Inc. All rights reserved. 1 API List User Authentication API No API Name Method URL 1User Authentication
More informationJava Relying Party API v1.0 Programmer s Guide
Java Relying Party API v1.0 Programmer s Guide 4 June 2018 Authors: Peter Höbel peter.hoebel@open-xchange.com Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by the ID4me
More informationBuilding the Modern Research Data Portal. Developer Tutorial
Building the Modern Research Data Portal Developer Tutorial Thank you to our sponsors! U. S. DEPARTMENT OF ENERGY 2 Presentation material available at www.globusworld.org/workshop2016 bit.ly/globus-2016
More informationSAS Event Stream Processing 4.3: Security
SAS Event Stream Processing 4.3: Security Enabling Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically,
More informationDJOAuth2 Documentation
DJOAuth2 Documentation Release 0.6.0 Peter Downs Sep 27, 2017 Contents 1 Important Links 1 2 What is DJOAuth2? 3 3 Why use DJOAuth2? 5 4 What is implemented? 7 5 Quickstart Guide 9 5.1 Requirements...............................................
More informationLogin with Amazon How-to Guide
PDF last generated: August 28, 2017 Login with Amazon How-to Guide Version 3.02 Last generated: August 28, 2017 Login with Amazon How-to Guide Page 1 PDF last generated: August 28, 2017 Copyright 2017
More informationLogin with Amazon. SDK for JavaScript v1.0 Reference
Login with Amazon SDK for JavaScript v1.0 Reference Login with Amazon: SDK for JavaScript Reference Copyright 2016 Amazon Services, LLC or its affiliates. All rights reserved. Amazon and the Amazon logo
More informationAEM Mobile: Setting up Google as an Identity Provider
AEM Mobile: Setting up Google as an Identity Provider Requirement: Prerequisite knowledge Understanding of AEM Mobile Required Products AEM Mobile Google Account Generating the client ID and secret To
More informationETSI TS V ( )
TS 124 482 V14.3.0 (2018-04) TECHNICAL SPECIFICATION LTE; Mission Critical Services (MCS) identity management; Protocol specification (3GPP TS 24.482 version 14.3.0 Release 14) 1 TS 124 482 V14.3.0 (2018-04)
More informationCoveo Platform 7.0. Yammer Connector Guide
Coveo Platform 7.0 Yammer Connector Guide Notice The content in this document represents the current view of Coveo as of the date of publication. Because Coveo continually responds to changing market conditions,
More informationOAuth 2 and Native Apps
OAuth 2 and Native Apps Flows While all OAuth 2 flows can be used by native apps, only the user delegation flows will be considered in this document: Web Server, User-Agent and Device flows. The Web Server
More informationGitHub-Flask Documentation
GitHub-Flask Documentation Release 3.2.0 Cenk Altı Jul 01, 2018 Contents 1 Installation 3 2 Configuration 5 3 Authenticating / Authorizing Users 7 4 Invoking Remote Methods 9 5 Full Example 11 6 API Reference
More informationCreating relying party clients using the Nimbus OAuth 2.0 SDK with OpenID Connect extensions
Creating relying party clients using the Nimbus OAuth 2.0 SDK with OpenID Connect extensions 2013-05-14, Vladimir Dzhuvinov Goals of the SDK Full implementation of the OIDC specs and all related OAuth
More informationBlack Box DCX3000 / DCX1000 Using the API
Black Box DCX3000 / DCX1000 Using the API updated 2/22/2017 This document will give you a brief overview of how to access the DCX3000 / DCX1000 API and how you can interact with it using an online tool.
More informationClearPass. ClearPass Extension Universal Authentication Proxy. ClearPass Extension Universal Authentication Proxy TechNote
ClearPass Extension Universal Authentication Proxy TechNote ClearPass Extension Universal Authentication Proxy ClearPass TechNote ClearPass Extension Universal Authentication Proxy - TechNote 1 ClearPass
More informationWeb Messaging Configuration Guide Document Version: 1.3 May 2018
Web Messaging Configuration Guide Document Version: 1.3 May 2018 Contents Introduction... 4 Web Messaging Benefits... 4 Deployment Steps... 5 1. Tag your brand site... 5 2. Request feature enablement...
More informationMediaAUTH Draft Proposal
MediaAUTH Draft Proposal August 21, 2012 Contents 1 Introduction 2 2 Service & User Perspective 2 2.1 Login...................................... 2 2.2 Soft Login.................................... 3
More informationLab 2 Third Party API Integration, Cloud Deployment & Benchmarking
Lab 2 Third Party API Integration, Cloud Deployment & Benchmarking In lab 1, you have setup the web framework and the crawler. In this lab, you will complete the deployment flow for launching a web application
More informationPacific Gas and Electric Company
Pacific Gas and Electric Company Functional & Technical Application Design Program Project Client SDK Python Development Guide Line of Business or Department Prepared by Bharati Vanganuru Date 05/22/2015
More informationSAS Event Stream Processing 4.2: Security
SAS Event Stream Processing 4.2: Security Encryption on Sockets Overview to Enabling Encryption You can enable encryption on TCP/IP connections within an event stream processing engine. Specifically, you
More informationSecuring APIs and Microservices with OAuth and OpenID Connect
Securing APIs and Microservices with OAuth and OpenID Connect By Travis Spencer, CEO @travisspencer, @curityio Organizers and founders ü All API Conferences ü API Community ü Active blogosphere 2018 Platform
More informationCassia Software Development Kit (SDK) for S1000, S1100, X1000 and E1000. Table of Contents
WHITE PAPER Cassia Software Development Kit (SDK) for S1000, S1100, X1000 and E1000 This document shows how you can use the Cassia SDK to integrate your Bluetooth end devices with the Cassia S1000, S1100,
More informationOpenID Connect 1.0 Guide
OpenID Connect 1.0 Guide ForgeRock Access Management 5 ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100 (US) www.forgerock.com Copyright 2011-2017 ForgeRock AS. Abstract
More informationOAuth2lib. implementation
OAuth2lib http://tools.ietf.org/html/ietf-oauth-v2-08 implementation 24 Junio 2010 Índice de contenido Oauth2lib v05...1 Introduction...3 Documentation...4 OAuth2 Assertion Flow...4 Authorization Flow...4
More informationCisco Firepower Threat Defense REST API Guide
Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 THE SPECIFICATIONS AND INFORMATION
More informationOpenID Connect 1.0 Guide
OpenID Connect 1.0 Guide ForgeRock Access Management 5.5 ForgeRock AS 201 Mission St, Suite 2900 San Francisco, CA 94105, USA +1 415-599-1100 (US) www.forgerock.com Copyright 2011-2017 ForgeRock AS. Abstract
More informationCombination of the PEAP Protocol with EAP-OpenID Connect
University of Piraeus Department of Digital Systems Postgraduate Program «Digital Systems Security» Academic Year 2017-2018 (ΨΣ-ΑΦ-888) MSc Dissertation Combination of the PEAP Protocol with EAP-OpenID
More informationOAuth App Impersonation Attack
OAuth App Impersonation Attack HOW TO LEAK A 100-MILLION-NODE SOCIAL GRAPH IN JUST ONE WEEK? A REFLECTION ON OAUTH AND API DESIGN IN ONLINE SOCIAL NETWORKS Pili Hu & Prof. Wing Cheong Lau The Chinese University
More informationSymantec Endpoint Protection Manager Quick Integration Guide. for PacketFence version 7.4.0
Symantec Endpoint Protection Manager Quick Integration Guide for PacketFence version 7.4.0 Symantec Endpoint Protection Manager Quick Integration Guide by Inverse Inc. Version 7.4.0 - Jan 2018 Copyright
More informationTECHNICAL GUIDE SSO JWT. At 360Learning, we don t make promises about technical solutions, we make commitments.
1 TECHNICAL GUIDE SSO JWT At 360Learning, we don t make promises about technical solutions, we make commitments. This technical guide is part of our Technical Documentation. Version 1.4 2 360Learning is
More informationSingle Sign-On for PCF. User's Guide
Single Sign-On for PCF Version 1.2 User's Guide 2018 Pivotal Software, Inc. Table of Contents Table of Contents Single Sign-On Overview Installation Getting Started with Single Sign-On Manage Service Plans
More informationSAS Viya 3.3 Administration: Authentication
SAS Viya 3.3 Administration: Authentication Authentication: Overview...................................................................... 1 Authentication: How To........................................................................
More informationStorageGRID Webscale 11.0 Tenant Administrator Guide
StorageGRID Webscale 11.0 Tenant Administrator Guide January 2018 215-12403_B0 doccomments@netapp.com Table of Contents 3 Contents Administering a StorageGRID Webscale tenant account... 5 Understanding
More informationPrivacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras
Privacy and Security in Online Social Networks Department of Computer Science and Engineering Indian Institute of Technology, Madras Lecture 08 Tutorial 2, Part 2, Facebook API (Refer Slide Time: 00:12)
More informationfor Salesforce Question-to-Case Connector
for Salesforce Question-to-Case Connector Contents 2 Contents Cloud Help for Community Managers... 3 What is the Salesforce Question-to-Case Connector... 4 Setting up the Salesforce Question-to-Case Connector...5
More informationTechnical Overview. Version March 2018 Author: Vittorio Bertola
Technical Overview Version 1.2.3 26 March 2018 Author: Vittorio Bertola vittorio.bertola@open-xchange.com This document is copyrighted by its authors and is released under a CC-BY-ND-3.0 license, which
More informationHow to set up VMware Unified Access Gateway with OPSWAT MetaAccess Client
How to set up VMware Unified Access Gateway with OPSWAT MetaAccess Client About This Guide... 2 Part 1: Enforce MetaAccess client installation... 3 Part 2: Enforce device compliance... 5 1 About This Guide
More informationGoogle GCP-Solution Architects Exam
Volume: 90 Questions Question: 1 Regarding memcache which of the options is an ideal use case? A. Caching data that isn't accessed often B. Caching data that is written more than it's read C. Caching important
More informationWeb Metrics at Scale: Using Base SAS to Access Google Analytics APIs
Paper SAS2120-2018 Web Metrics at Scale: Using Base SAS to Access Google Analytics APIs ABSTRACT Chris Hemedinger, SAS Institute Inc., Cary, NC With SAS 9.4M4 and later, it's finally easy (relatively speaking)
More information