i

Please enable JavaScript to view this site.

Documentation 8.7

Deyel implements the OAuth 2.0 standard to interact with its Rest API using a Bearer access token.

 

It is important to understand the concepts of authentication and authorization.

 

Authentication is defined as the process to verify who is connecting, that is, it refers to identification.

 

For example, when a user logs into an application by entering a username and password, the application authenticates that user. That is, the application verifies that the entered password matches the one associated with the user. As long as the password matches, the user can access the application. But if it doesn't match, the user is not allowed to log in because their ID could not be confirmed.

 

Authorization is defined as the process that verifies what the user has access to.

 

For example, in an application that offers different functionalities for free users and fee-paying users, free users are authorized to access only a limited set of functionalities until they pay the subscription and become users with better functionalities.

Registration of External Applications

 

In Deyel, applications that try to connect from an external environment are represented by a thing type user ”Rest API Client“. This means that in order to consume the resources exposed in Deyel Rest API, it is necessary to send the credentials of that user in order to authenticate and generate the corresponding access token, which must then be used for consumption by the different endpoints.

 

To configure a smart thing type user, it should be created from the "Configuration" option of the Deyel menu. A smart thing type user must be defined, configuring its properties to indicate name, user, type and permissions for each application.

 

 

V0008 - H&M_ManUsu_ApiRestCapturasIV_img1

 

 

The smart thing type user properties should be completed with the suggested values.

 

 

Name

APIUSER

User

APIUSER

Email

Email address where the user receives the password.

Type

Rest API Client

Product

Type of License

CRM

Participant

Product

Type of License

Deyel

Participant

Application

Permission

CRM

Salesperson

Application

Permission

Deyel

End User

Access Token Request Endpoint

 

To request the new access tokens and to access the different endpoints, it is necessary to first access the endpoint:

 

https://<ambiente>/oauth/token

 

To request the access token, the following configuration should be used:

 

POST verb.

Add parameters using the format:

  "application/x-www-form-urlencoded".

Access credentials ("client_id" and "client_secret") must be sent in “Basic xxxxxx” format where the xxxxxx represent Base64 encoded values.

The parameters to be sent vary depending on the authorization flow, but the "grant_type" parameter must always be sent.

 

Deyel has an OAuth 2.0 module that is implemented internally and serves to perform user authorization and generates as a result a JWT token used to authorize.

Expiration and Renewal of Tokens

 

The generated access tokens are valid for 1 day, while the refresh tokens last for 14 days, users are asked to identify themselves again at the end of the period.

Information Stored in Tokens

 

The generated access token registers claims in the JWT body (payload): user code, organizational unit of the user and user permissions.

Send us your comments
Share on X Share on Linkedin Send by Email Print