RSJ LPS NG provides the following web services:
Parameter | Value |
---|---|
URL | /submit |
Method | POST |
Content-Type | multipart/form-data |
title | Job description for display |
format | Layout Id |
data | Data (in CSV, JSON, XML or Excel) |
callback | optional JSONP callback |
oauth_token | OAuth2 access token (if not specified in the Authorization HTTP header using the OAuth scheme) |
RSJ LPS NG uses the standard OAuth2 protocol to securely integrate multiple independent external applications for a multitude of users.
RSJ LPS NG uses this authentication as the basis for its routing decisions.
Developers can register an external application with RSJ LPS NG online by providing:
They will receive:
End users can authorize external applications online to use RSJ LPS NG on their behalf.
The external application provides the following information with the redirect:
Parameter | Value |
---|---|
URL | /authorize |
Method | GET |
client_id | Client Id (from application registration) |
response_type | code |
scope | full |
redir_uri | Redirect URI (must match URI in application registration) |
state | Optional context information for callback |
After successful authorization, the end user session is redirected to the external application with the following parameters:
The external application calls a web service to exchange the temporary authorization code for the permanent refresh token by providing:
The external application permanently stores the refresh token for the end user.
Parameter | Value |
---|---|
URL | /auth |
Method | POST |
grant_type | refresh_token |
refresh_token | Refresh token (from application authorization) |
Returns | JSON structure |
The external application must exchange the refresh token for a temporarily valid (60 minutes) access token before accessing RSJ LPS NG for an end user. It calls a web service with:
It receives:
The external application includes this access token in its web service requests (in the Authorization HTTP header or as a parameter).
RSJ LPS NG associates the access token with the external application and the end user.
The access token can become invalid at any time (even before it has expired). In this case, a 401 error is returned and the external application must retrieve a new access token before retrying the failing request.
Parameter | Value |
---|---|
URL | /auth |
Method | POST |
grant_type | authorization_code |
code | Authorization code (from redirect) |
client_id | Client Id (from application registration) |
client_secret | Client Secret (from application registration) |
refresh_token | Refresh token (from application authorization) |
Returns | JSON structure |
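
An added example (not RSJ LPS NG's own code) of the access-token handling described above: the client refreshes via `/auth`, sends the token in the Authorization header, and retries a request exactly once after a 401. The transport callable `send`, the `access_token` response field, the literal `OAuth` scheme word, the 200 status checks and the in-memory fake server are assumptions made for illustration.

```python
import time

class TokenClient:
    """Caches the access token; refreshes it with POST /auth, grant_type=refresh_token."""
    def __init__(self, send, refresh_token, scheme="OAuth", lifetime=60 * 60):
        self.send = send                    # hypothetical transport: (method, path, headers, fields) -> (status, dict)
        self.refresh_token = refresh_token  # long-lived secret: keep in a secret store, never log it
        self.scheme = scheme                # assumption: scheme word taken from the page's "OAuth scheme"
        self.lifetime = lifetime            # page: access token is valid for 60 minutes
        self.token, self.expires = None, 0.0

    def _refresh(self):
        status, body = self.send("POST", "/auth", {},
                                 {"grant_type": "refresh_token", "refresh_token": self.refresh_token})
        if status != 200 or "access_token" not in body:  # assumed field name (RFC 6749)
            raise PermissionError("refresh failed; the end user must re-authorize")
        self.token = body["access_token"]
        self.expires = time.monotonic() + self.lifetime - 60  # renew one minute early

    def call(self, path, fields):
        if self.token is None or time.monotonic() >= self.expires:
            self._refresh()
        for attempt in range(2):            # one retry only, so a revoked grant cannot loop
            headers = {"Authorization": f"{self.scheme} {self.token}"}
            status, body = self.send("POST", path, headers, fields)
            if status != 401:
                return status, body
            if attempt == 0:
                self._refresh()             # token was invalidated early: get a new one
        raise PermissionError("401 again after refresh; giving up")

def make_fake_server():
    """Constructed in-memory stand-in for the service; the first token it issues is already invalid."""
    state = {"issued": 0, "valid": None, "log": []}
    def send(method, path, headers, fields):
        state["log"].append(path)
        if path == "/auth":
            state["issued"] += 1
            token = f"tok{state['issued']}"
            state["valid"] = token if state["issued"] > 1 else None
            return 200, {"access_token": token}
        ok = headers.get("Authorization") == f"OAuth {state['valid']}"
        return (200, {"accepted": fields["title"]}) if ok else (401, {})
    return send, state

def demo():
    send, state = make_fake_server()
    client = TokenClient(send, refresh_token="constructed-refresh-token")
    job = {"title": "Invoice run", "format": "layout-1", "data": "a,b\n1,2"}  # constructed sample job
    return client.call("/submit", job), state["log"]
```

Sending the token in the header rather than as the `oauth_token` parameter keeps it out of request bodies and parameter logs.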