Authenticator API
For bots and other on-premise processes to authenticate. Once\nauthenticated, the bot will be able to use the methods described in\nserviceAPI.yaml and agentAPI.yaml.\n\nConnections to the servers will be over\nclient authenticated TLS, the servers for this API will perform the\nauthentication by inspecting the certificate presented by the\nSSLSocketClient.\n\nThere will be two implementations of this API, one on your Pod\nand one on the Key Manager. In order to fully authenticate,\nan API client will have to call both of these implementations\nand pass both of the session tokens returned as headers in all\nsubsequent requests to the Symphony API.\n
Version: current
All rights reserved
http://apache.org/licenses/LICENSE-2.0.html
Access
[ Jump to Models ]
Table of Contents
post /v1/authenticate/extensionApppost /v1/authenticateget /v1/app/pod/certificate
Up
post /v1/authenticate/extensionApp
Authenticate a client-extension application (v1AuthenticateExtensionAppPost)
Based on the application's SSL client certificate presented by the TLS layer, it authenticates the client-extension\napplication and return a symphony verification token.\n
Consumes
This API call consumes the following media types via the
Content-Type request header:
Request body
authRequest (required)
Body Parameter — application generated token
Return type
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK.
400
Request object is invalid
401
Client is unauthorized to access this resource
403
Forbidden to access this endpoint .
500
Server error, see response body for further details.
Authenticate. (v1AuthenticatePost)
Based on the SSL client certificate presented by the TLS layer, authenticate\nthe API caller and return a session token.\n
Return type
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK.
400
Client error.
403
Forbidden: Certificate authentication is not allowed for the requested user.
500
Server error, see response body for further details.
Up
get /v1/app/pod/certificate
Retrieve the certificate that can be use to validate the JWT token obtain\nthrough the extension application authentication flow.\n (v1AppPodCertificateGet)
Return type
Produces
This API call produces the following media types according to the request header;
the media type will be conveyed by the
Content-Type response header.
Responses
200
OK
401
Client is unauthorized to access this resource
500
Server error, see response body for further details.
[ Jump to Methods ]
Table of Contents
AuthenticateRequestErrorExtensionAppTokensPodCertificateToken
appToken
String application generated token
code
Integer
message
String
appId
String Application ID
appToken
String This token generated by the application when calling authentication endpoint\n
symphonyToken
String This token generated by Symphony and should be used by the application to verify that it's talking to Symphony.\n
expireAt
Long unix timestamp when the token expired
certificate
String Certificate in PEM format
name
String The name of the header in which the token should be presented on subsequent\nAPI calls.\n
token
String The token which should be passed. This should be considered opaque data by\nthe client. It is not intended to conatain any data interpretable by the\nclient. The format is secret and subject to change without notice.\n