Examples
User registration
Getting a Token
Fisrt, it is necessary to get a permission token with a permission to create an account (merchantKey has to have matching permissions). When releasing a token this way, a static token ID corresponding to the service or a procedure should be used to provide token refresh localization and the required security level.
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/permission/issue-by-key' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Content-Type: application/json' \
-d '{
"tokenId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"permissions": [
"register"
],
"merchantKey": "LaImldSk4GjnwLK8a860fP1+k5TQgInXG3hoSvy+eUAWgyrMbvZC9Lpeeh37qN2cLkp3G9+/b+48rdWmtxOCAA=="
}'
{
"requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
"data": {
"permissionToken": {
"permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1MjcyMSwiZXhwIjoxNjg4NDUzNjIxLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.WVHFSrJbVRBX23XcIN0THQ2HDqA5pwD03tZuOeQLgpvcqwh0rV9dld-RZg4jvScpVqCXWGmlVPEH32uXJQ1tEms9dFEtGH-uXu1sXNIe-eeaCBQPu2qLkzhVCfgAaG1of7oVi_tKDNyZAeaakrMnDvac4iU62WrRFBCExeuc5eorqqE3biOG_jnwN83uWnYUINzsQAg9Cx89mbKk6B8iW3WUbLG4ixySwcjSRngclAJj33owKwtEfzYx58a7vSeahCNmsxCaP5a9_fXfFba9hYSTW285pL9n8imVyft4bnJ57nOX_GQ2yz-cAkllOs5AcJWtYzqhX3B6SM7zs-DQnZRVEehd9-jboB07sfhBo4j2mxtH7b36IqIJxWNhvNRvqBkBUv3PcIb_QVBmNNzpq5kITMiFz4Ouhs4xw8WiuFaQ3EOEJCmzqVQqvuWXqyrgk-P5GgE0Qa_VID6QBm6eLbeN_T3Zlf5leA_900l9TTYyR6Gzb5Eo78cupI1u1ojMqHquwvj7aYwLUVIvT1L6SVW8ABRoQ6qn6tmNdNFy20t4LhsSiulUXg1L2q64LsuNqGrOvPd6gMzSi9l4k72lBfeMiAtilVQFKQ3r7cLeXPPlcqRrUc8HMPpkEMU4BitzG-aR2-CU8czHPj6Ee2f0LLOJXCmT9cFrJCysrN-h5SA",
"issuer": "authorization-service",
"expiresAt": 1688453621
},
"permissionRefreshToken": {
"permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiI2NzMwMjEzNC01ZWVjLTRmOGUtOTNmNi0wODhmY2I5MTE3YjQiLCJpYXQiOjE2ODg0NTI3MjEsImV4cCI6MTY4ODQ1OTkyMSwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.xAp_6_IOkzLoMFyyo-y07Oav-b_S47gMvyutfhj9ZTXQZll5-hVSFyxVW8CcKEng8MUylfCEnfRBLruXnWmiMOoJCS8UGZighXEizMpUpHNTN5R63DacyhnSrM0nUeZ2khFnbaqHnDzT8qWB__KjD8Dm_mXdqRMK6ntB1czOjLlQggtVBU1m_8MysEySIQvBBL3rMwj-cYtscivA2ywxA9hWkP3j8wvdwxGZaQV2VBocPOjkD-3PWyZH6tTgatLKwhjgvh_a-9v_CZk_WZEy8HE1Pzis-Eug6XtWF0QeAOB6KjMOhroFNr0wrMZoorOlTWvPdPeK2BFF06-kDteR4MiE5faS_0G4O9zaOrRkuYO5AY6ea74Fv6JHvgCGibMjj0P9bl7vrY_aG_JWmZzIZxb3VFmHZzCIb4W-uFqiW5CLrXceB-SgoRjwGA_2a2p63-oJVhgJemOjQOcVaAauQsxRtbE5LBmjWfJTLzSMHwmB1k8C2JFvayzX2wxd5UxPBh5psv5etOotkYzdOQB4sT-_nAEYskyEaHfFJyxLmO0QKR_5RJLF_SkwgCiltmO3-ynIVgtp0xJaTre6fBv9i7vbGs75OB7kntAzSyRLwoxKqN41Jgpc9zbzAeeBWZB6FWndXY5VQ_C94M72OxdLV1pxoJyIJB6k0KClU7D7_sg",
"issuer": "authorization-service",
"expiresAt": 1688459921
}
}
}
To access account creation API a
permissionToken
is needed from this response, and for a periodic token update - apermissionRefreshToken
. It is expected that for security and optimization purposes, merchant key permission token is separated from the merchant's backend. Thus, it is expected that an activepermissionToken
exsists on the server at any moment.
Token refresh
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/permission/refresh' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Content-Type: application/json' \
-d '{
"permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiJkMDJjYjIxOC1hMThkLTQ4ZDAtYWZkOS00YTE0ZjFjZDFlYTEiLCJpYXQiOjE2ODg0NTQ0ODgsImV4cCI6MTY4ODQ2MTY4OCwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.CNCsJncur9z5UHk90KrwWWYfmmNM56j5xNUjr8Rr4OmT5FjPHkjdj5l4fbzvCDHsNktAa6TWxRC4EExI7h4Sb-0dDDrPxDoO_IjtIfEwPUT9bjQp3oMQt4U4u_-tXJXO2bQ2tXYFsxIn0fsO4BEADECnNwZcGiw9ZkgwnkcQ9fsa2B5nc6toHF55JLLhOtrYyZgVkiFfP9bNAk6FCqOL4NyncHTx5lz2k0WE957WBgIORZre5gH9bqJSsHm6ZKDnVLilLH2YZP1wV3zS5RD9nChVKU5PqNhxjjFbD7SvZYaib18B7KKPYjBrx-QOQQVFHij0aaLcyClqveOBF-Fd9RradRspCayvy9h-KesItY0kmVrNZi1ZBJjG7ibs-CKBGWONp1N-7D_-HHDlyOsgi8xcxPF6pVNqTfiSZ4aHVEbEZvXBs645OD4d-Vg6Bzce3RiUaEE7hwXkHeZwQBYfS_lcFUe4Ilxbq13XzbknjZA9mEPvlA2bpo6Xqh1GkbcBDRzmBj5Ta9Q3lCJyIEDz-U42aVyRc4rscG0-OKshhooK2dhwk0aSD6GI7B96hXvpqszlJJ0lJJAhCj2sGWQqZ9_998m0spaXMn75bKeFGwMzE9r68jpKPq5Y2PGkWRP_flTPrdZj3-YC4u5ZM4dYnbBCAJZguOHaZZRw-ByiHoE"
}'
{
"requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
"data": {
"permissionToken": {
"permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q",
"issuer": "authorization-service",
"expiresAt": 1688455409
},
"permissionRefreshToken": {
"permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiI1YzBlYzQ5My1kZDRmLTRjNDYtOWUyMS1mOGEyMzk5YmUyMjQiLCJpYXQiOjE2ODg0NTQ1MDksImV4cCI6MTY4ODQ2MTcwOSwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.BcQ0ZDcd2UePEtFuBpFklQPwUBkjB8_Av6poULy61zCpsxwuomMVRbJtn70PR5JonbeB1NoPABgTOhYMqdhUKwPxd2lN80wY3whT1uyMNttooXCkZbUskJOby_0ncrtHy76k0F4Cabb4Km1EVn9yE5jCTGDatgU1Y-yUWlxG2HiTA-Gjr86KO-gJFLLkgTanVD4XD3sneqTQTV4N01itnKw0Tm-igmB-aVhLBeko9pKtfGmpfd_IIrjCVaZ1Jsg5L9BOixWI0r4mWeV3uCIaR0kfFyMNCGgYj6lLJrXybOphXBFRuTOL16mWpnCsY_ztBqr_iEOkyeUdsWB9--QgXUi_Kl6hEb1_QGbPXjV5sqLFp9mDdmUL8yEP0VdRn2MkDuy8zWxp6U0yQxnPpUEuzRJbgn9u2cUp8jOvdGVsHfzeCK24YaDZRCO_IC8jjSNP5axAhq3vjBorw98Sk0iT2aS1BDa88Lzk5kAgd36NmHNskxUFSnxwrXsw65RsWaGH3XBeWgHHnsMN1sSF2SI4HtqdUrOxHqOxWpzGtDO7XkHbl4_vUYoc4jvHNjrDOH5vkq3ZawyihUX3CglW5hAfH82xrDPI-jEXurO8BI5FaoYGjL8ITbFEOEVpTc8oy3igL2yteXsCmm5QaR0yLRsdZ_SCXcXUkYB8fHxmh2h-P4M",
"issuer": "authorization-service",
"expiresAt": 1688461709
}
}
}
Response is similar to the original get tokens request. Previous permission refresh token is outdated now.
User creation with a credentials factor
In this request, user name and password are provided by an end-user, and a permission token is provided on client's backend.
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/account/credentials' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1MjcyMSwiZXhwIjoxNjg4NDUzNjIxLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.WVHFSrJbVRBX23XcIN0THQ2HDqA5pwD03tZuOeQLgpvcqwh0rV9dld-RZg4jvScpVqCXWGmlVPEH32uXJQ1tEms9dFEtGH-uXu1sXNIe-eeaCBQPu2qLkzhVCfgAaG1of7oVi_tKDNyZAeaakrMnDvac4iU62WrRFBCExeuc5eorqqE3biOG_jnwN83uWnYUINzsQAg9Cx89mbKk6B8iW3WUbLG4ixySwcjSRngclAJj33owKwtEfzYx58a7vSeahCNmsxCaP5a9_fXfFba9hYSTW285pL9n8imVyft4bnJ57nOX_GQ2yz-cAkllOs5AcJWtYzqhX3B6SM7zs-DQnZRVEehd9-jboB07sfhBo4j2mxtH7b36IqIJxWNhvNRvqBkBUv3PcIb_QVBmNNzpq5kITMiFz4Ouhs4xw8WiuFaQ3EOEJCmzqVQqvuWXqyrgk-P5GgE0Qa_VID6QBm6eLbeN_T3Zlf5leA_900l9TTYyR6Gzb5Eo78cupI1u1ojMqHquwvj7aYwLUVIvT1L6SVW8ABRoQ6qn6tmNdNFy20t4LhsSiulUXg1L2q64LsuNqGrOvPd6gMzSi9l4k72lBfeMiAtilVQFKQ3r7cLeXPPlcqRrUc8HMPpkEMU4BitzG-aR2-CU8czHPj6Ee2f0LLOJXCmT9cFrJCysrN-h5SA' \
-H 'Content-Type: application/json' \
-d '{
"username": "CoolUser",
"password": "A.1234567"
}'
User creation with email factor
Registration procedure with email contains two requests: sending email and code confirmation
In this request, email is provided by end-user, and a permission token is inserted on clients backend. As a result of this request, an email withv a confirmation code is sent to the provided address
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/account/email-intent' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q' \
-H 'Content-Type: application/json' \
-d '{
"email": "user@example.com"
}'
{
"requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
"data": {
"utilityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InV0aWxpdHlUb2tlblNjaGVtYSIsIm9wZXJhdGlvbklkIjoiMzIyN2I2ZDQtNDJkMy00YmI2LWE2NTItZTZiZmY1ODJjZWQ2IiwiaWF0IjoxNjg4NDU0OTMxLCJleHAiOjE2ODg0NTU4MzEsImlzcyI6ImF1dGhvcml6YXRpb24tc2VydmljZSJ9.F151syOYb7PFY96ACtpNIKKDxgmxKn50QoC96yEdldA"
}
}
A confirmation codein this request is provided by end-user from an email, and a utilityToken
comes from a previous request.
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/account/email-confirm' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Content-Type: application/json' \
-d '{
"utilityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InV0aWxpdHlUb2tlblNjaGVtYSIsIm9wZXJhdGlvbklkIjoiMzIyN2I2ZDQtNDJkMy00YmI2LWE2NTItZTZiZmY1ODJjZWQ2IiwiaWF0IjoxNjg4NDU0OTMxLCJleHAiOjE2ODg0NTU4MzEsImlzcyI6ImF1dGhvcml6YXRpb24tc2VydmljZSJ9.F151syOYb7PFY96ACtpNIKKDxgmxKn50QoC96yEdldA",
"code": "123456"
}'
User creation with elliptic factor
Register a new account with an elliptic factor contains two requests: challenge generation and signature verification, returns a valid security token, which may be used to immediately acquire permissions
In this request, public key is provided by end-user, and a permission token is inserted on clients backend.
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/account/elliptic-intent' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q' \
-H 'Content-Type: application/json' \
-d '{
"publicKey": "BCRSNBtz+mOicIpRtLJoGbTQTjrZ0/dDgUqEl67BvHG6zp6PQgydKcn7iASDTAflqQvLbyLdRbIfin37Le8k+00="
}'
{
"requestId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"data": {
"challenge": "DvRAlvVKsM3LNysZK1X0wPYd8hyOmQzjuJ6YxC08tDo=",
"utilityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"curve": "secp256k1"
}
}
A signature in this request is provided by end-user, and a utilityToken
comes from a previous request.
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/account/elliptic-confirm' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Content-Type: application/json' \
-d '{
"utilityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InV0aWxpdHlUb2tlblNjaGVtYSIsIm9wZXJhdGlvbklkIjoiMzIyN2I2ZDQtNDJkMy00YmI2LWE2NTItZTZiZmY1ODJjZWQ2IiwiaWF0IjoxNjg4NDU0OTMxLCJleHAiOjE2ODg0NTU4MzEsImlzcyI6ImF1dGhvcml6YXRpb24tc2VydmljZSJ9.F151syOYb7PFY96ACtpNIKKDxgmxKn50QoC96yEdldA",
"signature": {
"recovery": 0,
"r": "string",
"s": "string"
}
}'
{
"requestId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"data": {
"expiresAt": 1687931292,
"issuer": "authorization-service",
"securityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c"
}
}
User creation with key factor
Registration procedure with an access key. In this request, the access key is provided by the end-user. As a result of the request, a security token is received, which can be used to aquire permissions.
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/account/email-intent' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q' \
-H 'Content-Type: application/json' \
-d '{
"key": "FzJrbPkYSQhmZAfBzQohKENoqziHbyLSJ06lXM7+rmVf7ojlB8FD7tHbCFgnGvDp6uR+W+hRI4kh2Cabrr7Ibw=="
}'
{
"requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
"data": {
"expiresAt": 1687931292,
"issuer": "authorization-service",
"securityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiaWF0IjoxNTE2MjM5MDIyfQ.SflKxwRJSMeKKF2QT4fwpMeJf36POk6yJV_adQssw5c",
"accountId": "3fa85f64-5717-4562-b3fc-2c963f66afa6"
}
}
Getting Client Permissions
Getting a client permission token involves the necessity of providing factors list, so it consists of several steps.
Factors Requirements Verification
Firstly, it is necessary to define a set of required permissions. For example, we take permission to read data and permission to use secret: [read, secert]
.
Then it is needed to determine a set of required security factors, it can be done with the following request:
This response means that for getting these permissions, it is enough to provide credentials factor or email factor. However, we can rely on knowledge of the service internal logic, because information about required factors is known in advance.
Getting security tokens
In this example, we are using credentialsFactor to get permissions:
{
"requestId": "224b9633-f85a-4849-a0a6-e3b85162704d",
"data": {
"securityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InNlY3VyaXR5VG9rZW5TY2hlbWEiLCJhY2NvdW50SWQiOiJhMzg3ODYyNy0wZDhlLTRmOWYtYWY0My0zODJlNTk5ZTFjOTIiLCJzZWN1cml0eUZhY3RvclR5cGUiOiJjcmVkZW50aWFscyIsImlhdCI6MTY4ODQ5MTU0NSwiZXhwIjoxNjg4NDkyNDQ1LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.DhkzmomS-7EzddiCdHtMawEJHbu3dmEj8PvwDe0ljFs",
"issuer": "authorization-service",
"expiresAt": 1688492445
}
}
Getting Permission Token
Then, we can request the permission token itself. When releasing a permission token that way, we should use user/device (depending on the type of session model), to provide token refresh localization and the required security level.
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/permission/issue-by-factors' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Content-Type: application/json' \
-d '{
"tokenId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
"permissions": [
"read",
"secret"
],
"securityTokens": [
"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InNlY3VyaXR5VG9rZW5TY2hlbWEiLCJhY2NvdW50SWQiOiJhMzg3ODYyNy0wZDhlLTRmOWYtYWY0My0zODJlNTk5ZTFjOTIiLCJzZWN1cml0eUZhY3RvclR5cGUiOiJjcmVkZW50aWFscyIsImlhdCI6MTY4ODQ5MjczMywiZXhwIjoxNjg4NDkzNjMzLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.WeusUjEBL35pjIkn4-m00P4X8SmFZIZJIpHvicD3ryU"
]
}'
{
"requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
"data": {
"permissionToken": {
"permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6ImEzODc4NjI3LTBkOGUtNGY5Zi1hZjQzLTM4MmU1OTllMWM5MiIsIm1lcmNoYW50SWQiOiJiMTlkYzI3YS1hZjgxLTQzOTctYmUyNS03ZTExMTBmMDk3OWYiLCJwZXJtaXNzaW9ucyI6WyJyZWFkIiwic2VjcmV0Il0sImlhdCI6MTY4ODQ5Mjc1MCwiZXhwIjoxNjg4NDkzNjUwLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.NYRKdQZDw1FIlJk-Q3gM6iLCxqVMc_zu-88_nG1S3nd-x_ti6aA8V6Em5j3mDsH75bjNDU9mzNozJW446d3mV2C530ZDVj1JvcjW9HMLZD7Dz8kohaz-rWaNlNvdTDSfgxDI8rTQAaSNfhTjS1uH2RJl5dq2aeW8pIgPj6DkPiP28iCYbMCHlPo_SGzsDScYx_RJHKT9-skcD844zGW5QA2m_eJDTHtDedDc7DMGEXi0Jkok8WV-fN8Mc6THAo5AH7xELnETTmcf2I_rBQj3uDaYzNCfQ28VnvkgbIwn8YHWhR8i9SqpcGFhlohioBaWaMFllZvZMJzw4xTIEvDYDWuYFpkUBlBxn6eMATOazX0f1xW9oFeYcHqulK7awSQUCIF586YbSRpBm3Wd_6an2b7UP9B-yXIi7f_xu8hSJlTKt1AY07_S0wMbeM3JUWgRDLOX9RfOVtjMjXG99DXWLvLj1-LNI77829S-ajkT8d2ETrql6iFOxGiso-aVTJnujIl6SrPEeZHCpMSDyyG8bLsphYflqKmFGC3IVYaHAFz5p_FHjjZcqV_3uCdDQoHb965NhhJgPD8tkEItBEo0XO12OF8QYPPj2e4Rk1CBFBzUxB7-shnReIfV8hkukDfl5Sz_s6fPjSh_4YKouFrBrWH-ykmb6RRjg9MaOScdjwk",
"issuer": "authorization-service",
"expiresAt": 1688493650
},
"permissionRefreshToken": {
"permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiIzOGY4ZmNlOC02ZmJkLTQ3MWUtYmM3Yi04MmQxNWIxMmQ2YTYiLCJpYXQiOjE2ODg0OTI3NTAsImV4cCI6MTY4ODQ5OTk1MCwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.Ts2ycUDfyHziLivjOtyonrGT50ejiipaX6ovmBFbTMXbPxNeF3pP5OxKDoSGgsl134jMlNKGLSw46Zk1xa69Wf8JA0-9mYlyYY2ZfQkh34L-ZmsouxOpRFGVSA9TTSWvWlLRYrT9Vrf4DiVVpnIAtXgUXt5R6a0F2Z-QQI238hwWdIGSD3Biol1E7Jrlhdc1FjVnYRilCQ5bNbmjD5IVbfKZEua3RlNQBqfR1OGevv8-tgkjxqkidm1WJRY7UUW3lV5JIsY6DpV1morOwTIFW28W-1y9RNKJZvbhWmt60CTkfXdOcjOrm6ZTaJvzjvhsPO85vAnKaq0ldzDDTREIJqqOZmI-jC6IfZvwhCGZY4zpnoj5a0r8GLQHos8m9qdIJ3bWyPAgJJJ3h77qZW2lLnGdVjRCXYxq_LkE9pZP7UCkgVPGxzlpZhC3Hv5t1eV3obwvfSPoMqrWQK5ON4P5J-FqWEvcyIyP5wGwj1w_5HE1oFA8LK48hQxyNcM48ZiO3g8WP6Hrh03YrvimfjpQQ076Jrm-mBE6Y5C9IinLJtXoEKwreDVWgIO-mDaR0z8lOBdvwx4tJchuL7t9XwaS9RjYOVRrChGDhXZlKyPpxN5BdiZXLWB0FVoLzHGKowGYedHu9nKYY82fCGE-oWf96T8VaPT4t9Gm3c_IS_MHtnU",
"issuer": "authorization-service",
"expiresAt": 1688499950
}
}
}
Resulting permissionToken
can be used for requests to cloud services.
Token Refresh
curl -X 'POST' \
'https://cloud.spatium.net/authorization/v1/api/permission/refresh' \
-H 'accept: application/json' \
-H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
-H 'Content-Type: application/json' \
-d '{
"permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiJkMDJjYjIxOC1hMThkLTQ4ZDAtYWZkOS00YTE0ZjFjZDFlYTEiLCJpYXQiOjE2ODg0NTQ0ODgsImV4cCI6MTY4ODQ2MTY4OCwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.CNCsJncur9z5UHk90KrwWWYfmmNM56j5xNUjr8Rr4OmT5FjPHkjdj5l4fbzvCDHsNktAa6TWxRC4EExI7h4Sb-0dDDrPxDoO_IjtIfEwPUT9bjQp3oMQt4U4u_-tXJXO2bQ2tXYFsxIn0fsO4BEADECnNwZcGiw9ZkgwnkcQ9fsa2B5nc6toHF55JLLhOtrYyZgVkiFfP9bNAk6FCqOL4NyncHTx5lz2k0WE957WBgIORZre5gH9bqJSsHm6ZKDnVLilLH2YZP1wV3zS5RD9nChVKU5PqNhxjjFbD7SvZYaib18B7KKPYjBrx-QOQQVFHij0aaLcyClqveOBF-Fd9RradRspCayvy9h-KesItY0kmVrNZi1ZBJjG7ibs-CKBGWONp1N-7D_-HHDlyOsgi8xcxPF6pVNqTfiSZ4aHVEbEZvXBs645OD4d-Vg6Bzce3RiUaEE7hwXkHeZwQBYfS_lcFUe4Ilxbq13XzbknjZA9mEPvlA2bpo6Xqh1GkbcBDRzmBj5Ta9Q3lCJyIEDz-U42aVyRc4rscG0-OKshhooK2dhwk0aSD6GI7B96hXvpqszlJJ0lJJAhCj2sGWQqZ9_998m0spaXMn75bKeFGwMzE9r68jpKPq5Y2PGkWRP_flTPrdZj3-YC4u5ZM4dYnbBCAJZguOHaZZRw-ByiHoE"
}'
{
"requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
"data": {
"permissionToken": {
"permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q",
"issuer": "authorization-service",
"expiresAt": 1688455409
},
"permissionRefreshToken": {
"permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiI1YzBlYzQ5My1kZDRmLTRjNDYtOWUyMS1mOGEyMzk5YmUyMjQiLCJpYXQiOjE2ODg0NTQ1MDksImV4cCI6MTY4ODQ2MTcwOSwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.BcQ0ZDcd2UePEtFuBpFklQPwUBkjB8_Av6poULy61zCpsxwuomMVRbJtn70PR5JonbeB1NoPABgTOhYMqdhUKwPxd2lN80wY3whT1uyMNttooXCkZbUskJOby_0ncrtHy76k0F4Cabb4Km1EVn9yE5jCTGDatgU1Y-yUWlxG2HiTA-Gjr86KO-gJFLLkgTanVD4XD3sneqTQTV4N01itnKw0Tm-igmB-aVhLBeko9pKtfGmpfd_IIrjCVaZ1Jsg5L9BOixWI0r4mWeV3uCIaR0kfFyMNCGgYj6lLJrXybOphXBFRuTOL16mWpnCsY_ztBqr_iEOkyeUdsWB9--QgXUi_Kl6hEb1_QGbPXjV5sqLFp9mDdmUL8yEP0VdRn2MkDuy8zWxp6U0yQxnPpUEuzRJbgn9u2cUp8jOvdGVsHfzeCK24YaDZRCO_IC8jjSNP5axAhq3vjBorw98Sk0iT2aS1BDa88Lzk5kAgd36NmHNskxUFSnxwrXsw65RsWaGH3XBeWgHHnsMN1sSF2SI4HtqdUrOxHqOxWpzGtDO7XkHbl4_vUYoc4jvHNjrDOH5vkq3ZawyihUX3CglW5hAfH82xrDPI-jEXurO8BI5FaoYGjL8ITbFEOEVpTc8oy3igL2yteXsCmm5QaR0yLRsdZ_SCXcXUkYB8fHxmh2h-P4M",
"issuer": "authorization-service",т
"expiresAt": 1688461709
}
}
}
The response is similar to the original get tokens request. The previous permission refresh token is outdated now.