You are here

You are here

SpringCM API's and Single Sign On

SpringCM has both a SOAP API and REST API, and both must be authenticated to. An API user can be used, but often times it is desirable to connect to the API in the context of a logged in user. Most users configured for SSO do not have passwords, and even if they did, it is not desirable to have to prompt and/or store a password for an end user to connect to the API with. Instead, SpringCM offers 3 options to securely connect to the API in the context of an end user:

  • Salesforce SSO - SpringCM's proprietary Salesforce SSO functionality is exposed in the REST API via the Salesforce Client Flow authentication method.  
  • OAuth 2.0 - SpringCM supports OAuth 2.0. With the SpringCM OAuth 2.0 Web Server Flow authentication method, end user's are prompted to authorize a 3rd party application to connect to the API as that user. The OAuth authorization screen is a secure SpringCM resource and can be authenticated to with either password or SAML 2.0. An OAuth authorization token must always be validated against the REST API and which point a REST access token is received. 
  • SpringCM User Keys - SpringCM custom menu buttons can be configured to pass a user key to an external URL. The user key can then be used to authenticate with User Keys `to the SOAP API. User keys cannot be used with the REST API. SpringCM user keys are a proprietary solution for enabling a third party application to authenticate to the SOAP API in the context of the logged in user.

Note that calling a configured SAML Identity Provider to participate in API authentication is not supported, as it is primarily a browser based protocol. However SAML can still can be leveraged indirectly as it can be used to authenticate the user to the SpringCM UI and then generate an OAuth token or user key to connect to the API in the context of that user.