WStore API File

WStore Programmer Guide
API Authentication and authorization
Agenda
1. Introduction
2. API Authentication and authorization
Introduction
The programmer guide contains a description of the actions
that can be performed by a developer, in order to integrate
WStore capabilities with her solution using WStore API.
API Authentication and authorization
WStore API requires users to be authenticated and requires them to
authorize the developer’s application in order to access WStore API in their
name. To perform this process, WStore uses an OAuth2 approach.
Depending on the authorization mode of the WStore instance, there are
two possible ways for API authorization. If the WStore instance is using
an idM GE, the developer application should include a valid token obtained
from the idM in all the related requests.
If the WStore instance uses its own authentication mechanism, the
developer should follow the process below.
The first step consists of user authentication and application
authorization. Note that the application should be registered in WStore in
order to have a client_id and a client_secret. To perform this step, it is
necessary to make the following request:
GET /oauth2/auth HTTP/1.1
Accept: application/json
This request must include the following params:
– client_id: Id of the application in WStore
– redirect_uri: URI where WStore redirects when the call finishes
– response_type
When this request is performed, the user is redirected to a page where
the user can log in and authorize the application.
Once the user has authorized the application, an authorization code is
returned to the redirect_uri provided.
The next step is to acquire the access token. To perform this step, it is
necessary to make the following request:
POST /oauth2/token HTTP/1.1
This request must include the following params:
– client_id: Id of the application in WStore
– client_secret: Secret of the application in WStore
– grant_type
– code: Authorization code provided in the previous step
– redirect_uri: URI where WStore redirects when the call finishes
WStore responds to this request with an access token and a refresh
token. The access token must be included as a header in all API requests,
and the refresh token is used to acquire a new access token in case it
expires.
To refresh the access token, it is necessary to make the following request:
POST /oauth2/token HTTP/1.1
This request must include the following params:
– client_id: Id of the application in WStore
– client_secret: Secret of the application in WStore
– grant_type
– refresh_token: refresh token provided in the previous step
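The three requests described above, assembled in Python as an added example that is not part of the original guide; it builds the requests without sending them. Assumptions: the host and application values are constructed, the `response_type` and `grant_type` values and the `code` callback parameter follow RFC 6749, the token parameters are sent as a form-encoded body, and the access token is carried in an `Authorization: Bearer` header (the guide only says "as a header").

```python
from urllib.parse import urlencode, urlparse, parse_qs

WSTORE = "https://wstore.example.org"  # constructed host, not from the guide

def authorization_url(client_id, redirect_uri):
    """Step 1: URL the user's browser is sent to (GET /oauth2/auth)."""
    params = {"client_id": client_id, "redirect_uri": redirect_uri,
              "response_type": "code"}  # assumed value (RFC 6749)
    return f"{WSTORE}/oauth2/auth?{urlencode(params)}"

def code_from_callback(callback_url, redirect_uri):
    """Pull the authorization code out of the redirect back to the app."""
    got, want = urlparse(callback_url), urlparse(redirect_uri)
    if (got.scheme, got.netloc, got.path) != (want.scheme, want.netloc, want.path):
        raise ValueError("callback does not match the registered redirect_uri")
    codes = parse_qs(got.query).get("code", [])  # assumed parameter name
    if len(codes) != 1:
        raise ValueError("expected exactly one authorization code")
    return codes[0]

def token_request(client_id, client_secret, redirect_uri, code):
    """Step 2: (url, form body) for POST /oauth2/token."""
    body = {"client_id": client_id, "client_secret": client_secret,
            "grant_type": "authorization_code",  # assumed value (RFC 6749)
            "code": code, "redirect_uri": redirect_uri}
    return f"{WSTORE}/oauth2/token", urlencode(body)

def refresh_request(client_id, client_secret, refresh_token):
    """Step 3: (url, form body) trading the refresh token for a new access token."""
    body = {"client_id": client_id, "client_secret": client_secret,
            "grant_type": "refresh_token",  # assumed value (RFC 6749)
            "refresh_token": refresh_token}
    return f"{WSTORE}/oauth2/token", urlencode(body)

def api_headers(access_token):
    """Headers for API calls; the Bearer scheme is an assumption."""
    return {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}

if __name__ == "__main__":
    cb = "https://app.example.org/callback"  # constructed redirect_uri
    print(authorization_url("my-app-id", cb))
    code = code_from_callback(cb + "?code=SAMPLE_CODE", cb)
    print(token_request("my-app-id", "my-app-secret", cb, code))
```

Keeping client_secret and the tokens in the POST body or a header, rather than in a URL, keeps them out of browser history and server access logs.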
Thanks!