API User Authentication Flow

The API User Authentication flow is intended for back-end batch operations where no end user authenticates to the API.  With API user authentication, a client id is mapped to an API user and is then used in place of a SpringCM refresh token to obtain a SpringCM REST API access token.  To use this form of authentication, the following setup is required:

1. An API User is created in the SpringCM address book and given the desired role and security groups needed for the API calls.  Note that once a user is made an API user, it cannot be undone, so actual users of the SpringCM application should never be created as an API user.

2. The API user is mapped to a client id in SpringCM Preferences.  To create the mapping, navigate to Preferences->REST API in the SpringCM user interface.  In the API User Mappings section, your client id can be mapped to the API user created in Step 1.  Note that a single Client Id can be mapped to one and only one API User.

After the mapping is created, API user authentication can be used by posting the mapped client id along with the corresponding client secret to the API User Authentication Endpoint.  The access token endpoint for the API User Authentication Flow and sample JSON request/response are shown below:

Production API User Authentication Endpoint

https://auth.springcm.com/api/v201606/apiuser

UAT API User Authentication Endpoint

https://authuat.springcm.com/api/v201606/apiuser

API User Authentication - Sample Request

headers:  Accept: application/json, Content-Type: application/json
uri: https://auth.springcm.com/api/v201606/apiuser
method: POST
json:
{
  "client_id": "[Client Id mapped to an API User]",
  "client_secret": "[Client secret pair for the Client Id]"
}

API User Authentication - Sample Response

{
  "access_token": "[access token that can be used immediately]",
  "token_type": "bearer",
  "expires_in": "[number of seconds before the access token expires]",
  "api_base_url": "[base url for the object api]"
}

The access token can now be used to access the API.  It must be passed in the Authorization header on every call to the Object, Task, and Content APIs.  When passing it, prefix it with “bearer” as shown below:

Authorization: bearer [your access token]
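The token request above and the Authorization header it feeds, carried through as an added example (not SpringCM's own code or SDK). It uses only the Python standard library, reads the client id and secret from environment variables rather than source, treats `expires_in` as the quoted string the sample response shows, and keeps the HTTP transport injectable so the flow can be exercised against a constructed response without network access. The endpoints are the ones listed on the page; the `SPRINGCM_*` environment variable names and the 60-second refresh margin are assumptions.

```python
"""Added example: SpringCM API User Authentication flow (client_id + client_secret
-> bearer access token) and the Authorization header built from it."""
import json
import os
import time
import urllib.error
import urllib.request

PROD_ENDPOINT = "https://auth.springcm.com/api/v201606/apiuser"
UAT_ENDPOINT = "https://authuat.springcm.com/api/v201606/apiuser"

# Assumed margin: refresh this many seconds before the stated expiry so a call
# does not go out with a token that expires while it is in flight.
REFRESH_MARGIN_SECONDS = 60


def build_token_request(endpoint, client_id, client_secret):
    """Build the POST shown on the page: JSON body with client_id and client_secret,
    Accept and Content-Type both application/json."""
    if not client_id or not client_secret:
        raise ValueError("client_id and client_secret are required")
    body = json.dumps({"client_id": client_id, "client_secret": client_secret}).encode("utf-8")
    return urllib.request.Request(
        endpoint,
        data=body,
        method="POST",
        headers={"Accept": "application/json", "Content-Type": "application/json"},
    )


def parse_token_response(raw, now=None):
    """Parse the token response body. expires_in appears quoted in the sample,
    so it is accepted as a string or a number and turned into an absolute expiry."""
    now = time.time() if now is None else now
    data = json.loads(raw)
    for key in ("access_token", "token_type", "expires_in", "api_base_url"):
        if key not in data:
            raise ValueError("token response missing %r" % key)
    if str(data["token_type"]).lower() != "bearer":
        raise ValueError("unexpected token_type %r" % data["token_type"])
    return {
        "access_token": data["access_token"],
        "api_base_url": data["api_base_url"].rstrip("/"),
        "expires_at": now + int(data["expires_in"]),
    }


def authorization_header(token):
    """Header for Object, Task and Content API calls: 'bearer ' + access token."""
    return {"Authorization": "bearer " + token["access_token"]}


def token_needs_refresh(token, now=None):
    """True once the token is inside the refresh margin or already expired."""
    now = time.time() if now is None else now
    return now >= token["expires_at"] - REFRESH_MARGIN_SECONDS


def fetch_api_user_token(endpoint, client_id, client_secret, opener=urllib.request.urlopen):
    """Exchange the mapped client id and secret for an access token.
    `opener` defaults to urllib's urlopen; a fake can be injected for offline tests."""
    request = build_token_request(endpoint, client_id, client_secret)
    try:
        with opener(request, timeout=30) as response:
            return parse_token_response(response.read())
    except urllib.error.HTTPError as err:
        # Never echo the secret in the error. A 401 here usually means the client
        # id is not mapped to an API user (Step 2 above) or the secret is wrong.
        raise RuntimeError("token request failed with HTTP %d" % err.code) from None


if __name__ == "__main__":
    # Credentials come from the environment, never from source control.
    token = fetch_api_user_token(
        os.environ.get("SPRINGCM_ENDPOINT", UAT_ENDPOINT),
        os.environ["SPRINGCM_CLIENT_ID"],
        os.environ["SPRINGCM_CLIENT_SECRET"],
    )
    print("api_base_url:", token["api_base_url"])
    print("header:", authorization_header(token))
```

Because the secret is the only thing standing between a caller and the API user's role and security groups, it is read from the environment at run time and is deliberately kept out of the exception text; the `api_base_url` from the response is what subsequent Object API calls should be built on, not a hard-coded host.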