Token Validation Service
Introduction:
3rd Party Authentication and Authorization API provides a security mechanism similar to OAuth2 standard. With this mechanism client APIs can access C1 Platform Resources in a secure way.
There are some prerequisites before usage of this API.
-
Client API credentials. Credentials will be provided by the C1 team. The credentials shall be used for HTTP Basic Authentication of endpoints.
-
Resource owner credentials. Credentials shall be used for login endpoint. Username/password and TLS Client Certificate Verification.
First clients need to obtain access and refresh tokens via login endpoint. With access token clients can access protected resources. Please see section "Usage Of Access Token" to use access tokens.
For testing purposed on Preview Environment following credentials is created.
|
|
On order to access Authentication API TLS Client Certificate Verification is also performed. Therefore the test certificate must be shared with Comodo to grad access.Access tokens are short lived tokens. Therefore they expire quickly. New access tokens can be obtained without resource owner credentials via renew endpoint. Refresh tokens are used to create new access tokens. Refresh tokens are long lived tokens and can be persisted for longer use. They are critical for the security of protected resources. Because of that please store them in a secure way and do not share them with any other 3rd parties.
For details of the transactions for authentication API please look at 3rd Party API
Token Validation Service:
|
Endpoint |
https://api.one.comodo.com/auth/validate |
|
Method |
GET |
|
Authentication |
HTTP Basic (Client API Credentials) |
|
Content-Type |
JSON (application/json) |
Descriptions:
|
REQUEST |
|||
|
NAME |
TYPE |
REQUIRED |
DESCRIPTIONS |
|
accessToken |
string |
required |
|
|
RESPONSE |
|||
|
NAME |
TYPE |
REQUIRED |
DESCRIPTIONS |
| id |
string |
required |
access token identifier for internal use |
|
issuer |
string |
required |
Always c1portal |
|
requestedBy |
string |
required |
Client API Identifier |
|
customerId |
string |
required |
MSP/Enterprise ID |
|
expiresAt |
integer (UNIX Timestamp) |
required |
Expiration date of the access token |
|
issuedAt |
integer (UNIX Timestamp) |
required |
Issue date of the access token |
|
tokenType |
string |
required |
Always bearer |
|
scope |
Object (key/value) |
required |
Key value pairs. Contains granted scopes. |
| HTTP CODE | METHOD | DESCRIPTIONS |
|
401 |
Not authorized |
Client credentials or access token is invalid. |
| 402 | Invalid request |
Request parameters are missing or invalid. |
Execution
Sample execution can be handled via Postman Application.
Header part can be handled via Postman Application
(973) 859 4000 ext 3025
