Security
Deyel implements the OAuth 2.0 standard to interact with its Rest API using a Bearer access token.
It is important to understand the concepts of authentication and authorization.
Authentication is the process of verifying who is connecting; that is, it is about identification.
For example, when a user logs into an application by entering a username and password, the application authenticates that user: it verifies that the entered password matches the one associated with the user. If the password matches, the user can access the application; if it does not, the user is not allowed to log in because their identity could not be confirmed.
Authorization is the process of verifying what the user has access to.
For example, in an application that offers different functionalities to free users and to fee-paying users, free users are authorized to access only a limited set of functionalities until they pay the subscription and become users with access to more functionalities.
Registration of External Applications
In Deyel, applications that connect from an external environment are represented by a smart thing type user of type "Rest API Client". This means that in order to consume the resources exposed by the Deyel Rest API, the credentials of that user must be sent to authenticate and generate the corresponding access token, which must then be used when consuming the different endpoints.
To configure a smart thing type user, create it from the "Configuration" option of the Deyel menu. A smart thing type user must be defined, configuring its properties to indicate name, user, type and permissions for each application.
The smart thing type user properties should be completed with the suggested values:
Property | Suggested value
Name | APIUSER
User | APIUSER
Email address where the user receives the password | (to be completed)
Type | Rest API Client
Product Type of License | CRM Participant
Product Type of License | Deyel Participant
Application Permission | CRM Salesperson
Application Permission | Deyel End User
Access Token Request Endpoint
To request new access tokens and then access the different endpoints, it is necessary to first call the endpoint:
https://<ambiente>/oauth/token
To request the access token, the following configuration should be used:
• POST verb.
• Send the parameters in the format "application/x-www-form-urlencoded".
• The access credentials ("client_id" and "client_secret") must be sent in the format "Basic xxxxxx", where xxxxxx is the Base64-encoded value.
• The parameters to be sent vary depending on the authorization flow, but the "grant_type" parameter must always be sent.
Deyel has an internally implemented OAuth 2.0 module that performs user authorization and produces, as a result, a JWT token that is then used to authorize requests.
Expiration and Renewal of Tokens
The generated access tokens are valid for 1 day, while refresh tokens last for 14 days; at the end of that period users are asked to identify themselves again.
Information Stored in Tokens
The generated access token registers the following claims in the JWT body (payload): the user code, the organizational unit of the user and the user permissions.
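As an added example (not Deyel's own code), the token request described under "Access Token Request Endpoint" built exactly as the page specifies, together with a client-side inspection of the resulting JWT's expiry so a caller can refresh before the 1-day lifetime stated under "Expiration and Renewal of Tokens" runs out. The "<ambiente>" host is kept as the page's placeholder, "client_credentials" is an assumed grant type (the page only says "grant_type" is required), and the sample token is constructed, unsigned, and carries only the standard "exp"/"iat" claims rather than the Deyel-specific ones.

```python
import base64
import json
import time
from urllib.parse import urlencode

# Placeholder host taken from the page; replace "<ambiente>" with the real environment.
TOKEN_URL = "https://<ambiente>/oauth/token"


def build_token_request(client_id, client_secret, grant_type, **params):
    """Build the POST to /oauth/token as described: a Basic header carrying
    Base64(client_id:client_secret) and a form-encoded body with grant_type."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    body = urlencode({"grant_type": grant_type, **params})
    return {"method": "POST", "url": TOKEN_URL, "headers": headers, "body": body}


def bearer_header(access_token):
    """Header to send on every endpoint call once the token has been issued."""
    return {"Authorization": f"Bearer {access_token}"}


def _b64url_decode(segment):
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def jwt_payload(token):
    """Return the claims in the JWT body. This parses only; it does not verify
    the signature, so it is for inspecting a token Deyel issued, not for trusting one."""
    _header, payload, _signature = token.split(".")
    return json.loads(_b64url_decode(payload))


def seconds_until_expiry(token, now=None):
    """Seconds left on the standard 'exp' claim (assumed present in Deyel's JWT)."""
    exp = jwt_payload(token)["exp"]
    return exp - (now if now is not None else time.time())


def _enc(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")


# Constructed sample token: unsigned, with 'exp' one day after a fixed 'iat'.
ISSUED_AT = 1_700_000_000
SAMPLE_TOKEN = ".".join([_enc({"alg": "HS256", "typ": "JWT"}),
                         _enc({"iat": ISSUED_AT, "exp": ISSUED_AT + 86400}), "sig"])
```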