External Application Integration
Web Services
RSJ LPS NG provides the following web services:
- Submit Print Job
Submit Print Job
| Parameter | Value |
|---|---|
| URL | /submit |
| Method | POST |
| Content-Type | multipart/form-data |
| title | Job description for display |
| format | Layout Id |
| data | Data (in CSV, JSON, XML or Excel) |
| callback | optional JSONP callback |
| oauth_token | OAuth2 access token (if not specified in Authorization HTTP header in Oauth scheme) |
Authentication
RSJ LPS NG uses the standard OAuth2 protocol to securely integrate muliple independed external application for a multitude of users.
RSJ LPS NG uses this authentication as basis for it's routing decisions
External Application Registration
Developers can register an external application with RSJ LPS NG online by providing:
- Application Name
- Application Description
- Application Icon
- Application Redirect URL
They will receive:
- Application Id
- Application Secret
External Application Authorization
End users can online authorize external applications to use RSJ LPS NG on their behalve.
End User View
- The user click on a link in the external application, which redirects them to the RSJ LPS NG sign on (if not already logged in) and then to the RSJ LPS NG authorization screen
- If the user accepts the application linkage, it is redirected back to the the external application where the authentication information is stored.
External Application View
The external application provides the following information with the redirect:
- Application Id (assigned during Application Registration)
- Callback URL (specified during Application Registration)
- Optional context information (for callback)
| Parameter | Value |
|---|---|
| URL | /authorize |
| Method | GET |
| client_id | Client Id (from application registration) |
| response_type | code |
| scope | full |
| redir_uri | Redirect URI (must match URI in application registration) |
| state | Optional context information for callback |
After succesfull authorization, the end user session is redirected to the external application with the following parameters:
- Context information (from redirect)
- Temporary authorization code (valid for 10 minutes)
The external application calls a webservice to exchanges the temporary authorization with the permanent refresh token by providing:
- Temporary authorization code
- Application id
- Application Secret
- Callback URL
The external application permanently stores the refresh token for the end user
| Parameter | Value |
|---|---|
| URL | /auth |
| Method | POST |
| grant_type | refresh_token |
| refresh_token | Refresh token (from application authorization) |
| Returns | JSON structure |
External Application Requests
The external application must exchange the refresh token for an temporarily (60 minutes) valid access token before accessing RSJ LPS NG for an end user. It calls a webservice with:
- Refresh token
It receives:
- Temporary (60 minutes) access token
The external application includes this access token in its web service requests (in the Auth HTTP Header or as a parameter)
RSJ LPS NG associates the access token with the external application and the end user.
The access token can become invalid at any time (even before it is expired). In this case, an 401 error is returned and the external application must retrieve a new access token before retrying the failing request.
| Parameter | Value |
|---|---|
| URL | /auth |
| Method | POST |
| grant_type | authorization_code |
| code | Authorization code (from redirect) |
| client_id | Client Id (from application registration) |
| client_secret | Client Secret (from application registration) |
| refresh_token | Refresh token (from application authorization) |
| Returns | JSON structure |
