
Authentication Flow Documentation

Overview

This documentation outlines the authentication flow for accessing our system's resources and managing user permissions through tenant roles. Our authentication flow ensures secure access to the system's APIs and allows users to perform actions based on their permissions.

Authentication

Step 1: User Login

Users initiate the authentication process by logging in with their username and password. They do this by making a POST request to the /auth/login endpoint. The request has the following shape:

  • Method: POST
  • Endpoint: /auth/login
  • Headers:
      • Content-Type: application/json
  • Body:

    {
      "username": "user@example.com",
      "password": "user_password"
    }

Upon successful authentication, the server responds with a Bearer Token.

Step 2: Bearer Token

The Bearer Token is a JSON Web Token (JWT) that serves as a secure way to access protected resources within the system. Users must include this token in the Authorization header of their API requests to authenticate themselves.

Example Authorization Header:

Authorization: Bearer eyJhbGciOiJIUzUxMiJ9...<token_data>...H9ju9Ivgii5Oas307eQhVzKi_X6CufRcKezvj7xbzaU8abuqYBDLyg

Managing User Permissions

Tenant Roles

User permissions are managed through Tenant Roles. Each tenant can define its own roles with specific permissions. These roles determine what actions a user can perform within the system. A user can only create API keys that align with the permissions granted by their assigned role.

Creating Tenant Roles

To create a Tenant Role, you can use the following API endpoint:

curl -X 'POST' \
  'http://localhost:8080/api/v1/tenant/roles' \
  -H 'accept: application/json' \
  -H 'Authorization: Bearer <admin_bearer_token>' \
  -H 'Content-Type: application/json' \
  -d '{
    "tenantId": "<tenant_id>",
    "name": "<role_name>",
    "permissions": {
      "appPermissions": [
        "MANAGE_ROLES"
      ],
      "bsDDPermissions": [
        "CREATE_PRIMITIVES"
      ],
      "configuratorPermissions": [
        "CREATE_CONCEPTS"
      ],
      "projectsPermissions": [
        "CREATE_PROJECTS"
      ],
      "financePermissions": [
        "CREATE_CLIENTS"
      ],
      "materialsPermissions": [
        "CREATE_MATERIALS",
        "READ_MATERIALS"
      ],
      "productsPermissions": [
        "CREATE_PRODUCTS"
      ]
    }
  }'

  • Method: POST
  • Endpoint: /api/v1/tenant/roles
  • Headers:
      • accept: application/json
      • Authorization: Bearer <admin_bearer_token> (Authorization token for an admin user)
      • Content-Type: application/json
  • Body: Include the tenant ID, the role name, and the permissions for the various parts of the system.

In the example above, replace <admin_bearer_token>, <tenant_id>, and <role_name> with appropriate values.

This API call creates a new Tenant Role with the specified permissions for a given tenant.
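The role-creation call above in Python, added as an example and not taken from the project. It reproduces the headers and body of the curl command and adds the check the "align with the assigned role" rule suggests: before requesting a new role, it computes which requested permissions exceed what the caller already holds and refuses to build the request if any do. The permission group names come from the page's example body; whether the server enforces exactly this subset rule, and the response shape, are assumptions. The base URL is the one in the page's curl example.

```python
import json
import urllib.request

BASE_URL = "http://localhost:8080"  # from the page's curl example

# Permission groups that appear in the page's role-creation body. The page does
# not list every allowed value per group, so only group names are validated.
PERMISSION_GROUPS = (
    "appPermissions",
    "bsDDPermissions",
    "configuratorPermissions",
    "projectsPermissions",
    "financePermissions",
    "materialsPermissions",
    "productsPermissions",
)


def validate_permission_groups(permissions):
    """Reject a 'permissions' object that uses a group the page does not define."""
    for group in permissions:
        if group not in PERMISSION_GROUPS:
            raise ValueError("unknown permission group: " + group)


def excess_permissions(requested, granted):
    """Return, per group, the requested permissions that `granted` does not cover.

    Both arguments use the shape of the "permissions" object in the request body.
    An empty result means the request is a subset of the grant, which is the
    least-privilege condition a caller should satisfy before creating a role
    (assumption: this mirrors the server's rule; the page only states it for
    API keys).
    """
    validate_permission_groups(requested)
    excess = {}
    for group, wanted in requested.items():
        missing = sorted(set(wanted) - set(granted.get(group, ())))
        if missing:
            excess[group] = missing
    return excess


def build_create_role_request(tenant_id, name, permissions, admin_token,
                              caller_permissions=None):
    """Build POST /api/v1/tenant/roles with the page's headers and body.

    If `caller_permissions` is supplied, refuse locally to request a role that
    exceeds them; this is a client-side guard, independent of the server.
    """
    validate_permission_groups(permissions)
    if caller_permissions is not None:
        over = excess_permissions(permissions, caller_permissions)
        if over:
            raise PermissionError("role would exceed caller's permissions: %r" % over)
    body = {"tenantId": tenant_id, "name": name, "permissions": permissions}
    return urllib.request.Request(
        BASE_URL + "/api/v1/tenant/roles",
        data=json.dumps(body).encode(),
        method="POST",
        headers={
            "accept": "application/json",
            "Authorization": "Bearer " + admin_token,
            "Content-Type": "application/json",
        },
    )


def create_role(tenant_id, name, permissions, admin_token, caller_permissions=None):
    """Send the request to a live server; assumes a JSON response body."""
    req = build_create_role_request(tenant_id, name, permissions, admin_token,
                                    caller_permissions)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())


if __name__ == "__main__":
    # Constructed sample: the caller holds only materials and projects rights.
    caller = {
        "materialsPermissions": ["CREATE_MATERIALS", "READ_MATERIALS"],
        "projectsPermissions": ["CREATE_PROJECTS"],
    }
    wanted = {"materialsPermissions": ["READ_MATERIALS"],
              "financePermissions": ["CREATE_CLIENTS"]}
    print("excess:", excess_permissions(wanted, caller))
    req = build_create_role_request("<tenant_id>", "materials-reader",
                                    {"materialsPermissions": ["READ_MATERIALS"]},
                                    "<admin_bearer_token>", caller)
    print(req.full_url, req.data.decode())
```

The printed excess for the sample is {"financePermissions": ["CREATE_CLIENTS"]}, so the first role would be refused while the reader-only role is built. Pass caller_permissions whenever the token holder is not a full admin; an admin creating roles can leave it as None and rely on the server's own checks.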

Conclusion

Our authentication flow ensures secure access to our system's resources by using Bearer Tokens and allows you to manage user permissions efficiently through Tenant Roles. Customize the roles to grant users the specific permissions they need to perform their tasks within the system. If you have any questions or need further assistance, please contact our support team.