3rd Party API
3rd Party API of C1, provides mechanism to manage authentication over C1 portal and manage companies over C1 portal. We propose an authentication mechanize based on "OAuth 2" for 3rd party API of C1 portal. In order to use this API, customer will be asked to generate a password and upload its (singed) SSL certificate via c1 portal for using authentication services
Authentication:
Authentication will be done with HTTP using Basic Authentication(identifier and password pair) and SSL Client Certificate.
Response for successful requests will be included 2 tokens:
- access_token: Short lived token to grant access REST APIs. It's lifetime is 1 hour (TBD).
- refresh_token: Long lived token to refresh access tokens. Please see section "Refresh Token" for usage. It's lifetime is 7 days (TBD).
Usage of Access Token:
Access token shall be placed header of the each API requests.:
- c1_access_token: eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWV9.TJVA95OrM7E2cBab30RMHrHDcEfxjoYZgeFONFh7HgQ
Please see "Validate Access Token" for access token validation.
Refresh Token(
If an access token expires, clients can use this endpoint with refresh token in order to generate new access tokens.
Validate Access Token (
Not a public endpoint (TBD). ITSM and other C1 Platform servers can use this endpoint to validate their access tokens.
Response: TBA
Execution
Sample execution can be handled via Postman Application.
Header part can be handled via Postman Application