In this scenario your system must interact with the Fabrick Platform Authentication APIs before calling any other producer's APIs. The goal of that interaction is to obtain an AuthToken: the proof of authentication that the user on whose behalf you operate has actually requested the operation you are about to perform.
In this scenario you will be required to manage two security elements:
- APIKey: an application key, in the form of a 34-byte base-64 alphanumeric string, like 4MSI5FGCXK5UVV2U487A08OZH4NHCHTKS.
- AuthToken: an authentication token, in the form of a 256-byte base-64 alphanumeric string, like 634a3b26dd4f...2cPWqcZVUfG01D2. Each AuthToken is generated by following the instructions illustrated in Step 1 (see the figure below).
Both values are credentials: the APIKey identifies your application and the AuthToken represents an authenticated user, so store them as secrets and keep them out of logs and URLs.
The following diagram describes the interaction between the three main actors (your system, the Fabrick Platform and the producer):
Step 1. Authentication request
This step is required to obtain the AuthToken for the user who needs access to one or more of his/her products/services.
Each API request in this step must be issued with the following headers:
Content-Type: 'application/json'
Auth-Schema: 'S2S'
Api-Key: '{Third Party APIKey}'
To request a new AuthToken, invoke the POST Create AuthToken API, passing the correct producerId:
Initial call to POST Create Token
Request: POST https://api.platfr.io/api/fabrick/platform/v3.0/s2s-auth/producers/{producerId}/auth-tokens
Body: {}
The request of a new AuthToken is a multi-step process whose exact steps depend on the engaged producer. The workflow requires several subsequent invocations of POST Create AuthToken, and each response carries the "instructions" on how to proceed in the following step.
Each intermediate response of POST Create AuthToken is structured as follows:
Intermediate response from POST Create Token
HTTP/1.1 200 OK
{
"status": "OK",
"errors": [],
"payload": {
"status": "NOT_AUTH",
"authParams": [
{ "key": "Challenge", "value": null },
...
],
"authToken": null,
"flowToken": "FlowToken"
}
}
The status field in the payload is NOT_AUTH, i.e., a user authentication is requested.
The authParams field provides one or more challenges that the user must answer in order to obtain the AuthToken.
The authToken field is still empty, since the process is still ongoing.
The flowToken field provides a FlowToken that must be used to chain all the subsequent invocations to POST Create AuthToken. Please note that the FlowToken is a variable-length alphanumeric string and changes for each challenge-response iteration: every call must carry the FlowToken returned by the immediately preceding response, never one from an earlier round.
The next invocation to POST Create AuthToken must provide the correct answers to the challenges, such as:
Intermediate call to POST Create Token
Request: POST https://api.platfr.io/api/fabrick/platform/v3.0/s2s-auth/producers/{producerId}/auth-tokens
Body:
{
"flowToken": "FlowToken",
"data": [
{ "key": "Challenge", "value": "ChallengeResponse" },
...
]
}
The sequence of calls to POST Create AuthToken repeats this challenge-response mechanism according to rules that depend on the selected producer. The status field will remain NOT_AUTH until the challenge-response sequence is completed.
Once the challenge-response sequence has finished, the final response of POST Create AuthToken is structured as follows:
Final response from POST Create Token
HTTP/1.1 200 OK
{
"status": "OK",
"errors": [],
"payload": {
"status": "AUTH",
"authParams": [],
"authToken": "AuthToken",
"flowToken": null
}
}
The status field is now AUTH, indicating that the user has been correctly authenticated by the producer. The authToken field value is the AuthToken required to proceed in the following steps.
Step 2. Setting user permissions
Once you have obtained the AuthToken for your user, you must invoke the PUT User Permissions API in order to enable the access of your authenticated user to the set of API endpoints that you will invoke on his/her behalf.
From now on, each API request must be issued with the following headers:
Content-Type: 'application/json'
Auth-Schema: 'S2S-AUTH'
Api-Key: '{Third Party APIKey}'
Auth-Token: '{User AuthToken}'
Calling PUT User Permissions to enable authenticated operations
Request: PUT https://api.platfr.io/api/fabrick/platform/v3.0/s2s-auth/producers/{producerId}/user-permissions
Body:
{
"authToken": "AuthToken"
}
Response:
HTTP/1.1 200 OK
{
"status": "OK",
"errors": [],
"payload": {}
}
Step 3. Authenticated operation
Once you have set the permissions for your user, you can invoke the APIs required to perform the desired operation.
Please remember that the headers of each call must be as documented in Step 2: the same Auth-Schema, Api-Key and Auth-Token values apply to every authenticated request.
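The three steps above driven end to end in Python, as an added example that is neither Fabrick's SDK nor code from this page. The URLs, header names and payload fields are the ones documented above; everything else is an assumption made for the demo: the Transport callable (swap in a real HTTPS client), the challenge keys "Username" and "OTP", the credentials "mario"/"123456", the placeholder token values, and the FakeProducer class that stands in for the platform and the producer so the code runs offline.

```python
from typing import Callable, Dict, Tuple

BASE_URL = "https://api.platfr.io/api/fabrick/platform/v3.0/s2s-auth"
DEMO_API_KEY = "4MSI5FGCXK5UVV2U487A08OZH4NHCHTKS"   # the page's sample APIKey
DEMO_AUTH_TOKEN = "AUTHTOKEN-DEMO"                   # constructed placeholder token

# Transport: (method, url, headers, body) -> (http_status, decoded JSON body).
# Inject a real HTTPS client in production; the fake below keeps this offline.
Transport = Callable[[str, str, Dict[str, str], dict], Tuple[int, dict]]


class AuthError(Exception):
    """Raised on any non-OK response or malformed payload."""


def _payload(status_code: int, resp: dict) -> dict:
    # Check HTTP status and top-level status before touching payload, so an
    # error body is never mistaken for a challenge or a token.
    if status_code != 200 or resp.get("status") != "OK":
        raise AuthError(f"HTTP {status_code}: {resp.get('errors')}")
    return resp["payload"]


def create_auth_token(send: Transport, api_key: str, producer_id: str,
                      answer: Callable[[str], str], max_rounds: int = 10) -> str:
    """Step 1: repeat POST Create AuthToken until payload.status is AUTH."""
    url = f"{BASE_URL}/producers/{producer_id}/auth-tokens"
    headers = {"Content-Type": "application/json", "Auth-Schema": "S2S",
               "Api-Key": api_key}
    body: dict = {}                                  # initial call: empty body
    for _ in range(max_rounds):                      # never loop forever
        payload = _payload(*send("POST", url, headers, body))
        if payload["status"] == "AUTH" and payload.get("authToken"):
            return payload["authToken"]
        if payload["status"] != "NOT_AUTH" or not payload.get("flowToken"):
            raise AuthError(f"unexpected payload: {payload}")
        # Chain the next call with the flowToken of *this* response (it changes
        # every round) and answer each challenge listed in authParams.
        body = {"flowToken": payload["flowToken"],
                "data": [{"key": p["key"], "value": answer(p["key"])}
                         for p in payload["authParams"]]}
    raise AuthError("challenge-response sequence did not complete")


def authenticated_headers(api_key: str, auth_token: str) -> Dict[str, str]:
    """Headers for every call from Step 2 onward (Step 3 reuses them)."""
    return {"Content-Type": "application/json", "Auth-Schema": "S2S-AUTH",
            "Api-Key": api_key, "Auth-Token": auth_token}


def set_user_permissions(send: Transport, api_key: str, producer_id: str,
                         auth_token: str) -> None:
    """Step 2: PUT User Permissions; the AuthToken travels in header and body."""
    url = f"{BASE_URL}/producers/{producer_id}/user-permissions"
    _payload(*send("PUT", url, authenticated_headers(api_key, auth_token),
                   {"authToken": auth_token}))


def _ko(code: str, http: int = 401) -> Tuple[int, dict]:
    return http, {"status": "KO", "errors": [{"code": code}], "payload": None}


class FakeProducer:
    """Constructed stand-in for the platform and a two-round producer flow
    (challenge keys "Username" then "OTP" are assumptions). Each flowToken
    is single-use, so a stale or replayed one is refused."""

    def __init__(self) -> None:
        self.rounds: Dict[str, int] = {}            # live flowToken -> round
        self.issued = 0

    def _challenge(self, round_no: int) -> Tuple[int, dict]:
        self.issued += 1
        tok = f"flow-{self.issued}"
        self.rounds[tok] = round_no
        key = "Username" if round_no == 1 else "OTP"
        return 200, {"status": "OK", "errors": [], "payload": {
            "status": "NOT_AUTH", "authParams": [{"key": key, "value": None}],
            "authToken": None, "flowToken": tok}}

    def __call__(self, method, url, headers, body) -> Tuple[int, dict]:
        if headers.get("Api-Key") != DEMO_API_KEY:
            return _ko("BAD_API_KEY")
        if url.endswith("/user-permissions"):       # Step 2 endpoint
            ok = (method == "PUT" and headers.get("Auth-Schema") == "S2S-AUTH"
                  and headers.get("Auth-Token") == DEMO_AUTH_TOKEN
                  and body.get("authToken") == DEMO_AUTH_TOKEN)
            return (200, {"status": "OK", "errors": [], "payload": {}}) if ok \
                else _ko("NOT_AUTHENTICATED")
        if method != "POST" or headers.get("Auth-Schema") != "S2S":
            return _ko("BAD_REQUEST", 400)
        if not body:                                 # initial call, empty body
            return self._challenge(1)
        round_no = self.rounds.pop(body.get("flowToken", ""), None)
        if round_no is None:                         # unknown, stale or replayed
            return _ko("INVALID_FLOW_TOKEN", 400)
        answers = {d["key"]: d["value"] for d in body.get("data", [])}
        if round_no == 1 and answers.get("Username") == "mario":
            return self._challenge(2)
        if round_no == 2 and answers.get("OTP") == "123456":
            return 200, {"status": "OK", "errors": [], "payload": {
                "status": "AUTH", "authParams": [], "authToken": DEMO_AUTH_TOKEN,
                "flowToken": None}}
        return _ko("WRONG_CREDENTIALS")


def login(answers: Dict[str, str], producer_id: str = "demo-producer") -> Dict[str, str]:
    """Runs Steps 1 and 2 against the fake and returns the Step 3 headers."""
    producer = FakeProducer()
    token = create_auth_token(producer, DEMO_API_KEY, producer_id, answers.__getitem__)
    set_user_permissions(producer, DEMO_API_KEY, producer_id, token)
    return authenticated_headers(DEMO_API_KEY, token)
```

The client validates the HTTP code and the top-level status before it reads payload, bounds the challenge loop, and always chains the FlowToken from the most recent response; the fake refuses any FlowToken that is replayed or out of order, which is the behaviour a conforming client has to be written against. Call login({"Username": "mario", "OTP": "123456"}) to obtain the Step 3 headers; a wrong answer raises AuthError instead of returning a token.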