Examples

User registration

Getting a Token

Fisrt, it is necessary to get a permission token with a permission to create an account (merchantKey has to have matching permissions). When releasing a token this way, a static token ID corresponding to the service or a procedure should be used to provide token refresh localization and the required security level.

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/permission/issue-by-key' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Content-Type: application/json' \
  -d '{
  "tokenId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "permissions": [
    "register"
  ],
  "merchantKey": "LaImldSk4GjnwLK8a860fP1+k5TQgInXG3hoSvy+eUAWgyrMbvZC9Lpeeh37qN2cLkp3G9+/b+48rdWmtxOCAA=="
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "permissionToken": {
      "permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1MjcyMSwiZXhwIjoxNjg4NDUzNjIxLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.WVHFSrJbVRBX23XcIN0THQ2HDqA5pwD03tZuOeQLgpvcqwh0rV9dld-RZg4jvScpVqCXWGmlVPEH32uXJQ1tEms9dFEtGH-uXu1sXNIe-eeaCBQPu2qLkzhVCfgAaG1of7oVi_tKDNyZAeaakrMnDvac4iU62WrRFBCExeuc5eorqqE3biOG_jnwN83uWnYUINzsQAg9Cx89mbKk6B8iW3WUbLG4ixySwcjSRngclAJj33owKwtEfzYx58a7vSeahCNmsxCaP5a9_fXfFba9hYSTW285pL9n8imVyft4bnJ57nOX_GQ2yz-cAkllOs5AcJWtYzqhX3B6SM7zs-DQnZRVEehd9-jboB07sfhBo4j2mxtH7b36IqIJxWNhvNRvqBkBUv3PcIb_QVBmNNzpq5kITMiFz4Ouhs4xw8WiuFaQ3EOEJCmzqVQqvuWXqyrgk-P5GgE0Qa_VID6QBm6eLbeN_T3Zlf5leA_900l9TTYyR6Gzb5Eo78cupI1u1ojMqHquwvj7aYwLUVIvT1L6SVW8ABRoQ6qn6tmNdNFy20t4LhsSiulUXg1L2q64LsuNqGrOvPd6gMzSi9l4k72lBfeMiAtilVQFKQ3r7cLeXPPlcqRrUc8HMPpkEMU4BitzG-aR2-CU8czHPj6Ee2f0LLOJXCmT9cFrJCysrN-h5SA",
      "issuer": "authorization-service",
      "expiresAt": 1688453621
    },
    "permissionRefreshToken": {
      "permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiI2NzMwMjEzNC01ZWVjLTRmOGUtOTNmNi0wODhmY2I5MTE3YjQiLCJpYXQiOjE2ODg0NTI3MjEsImV4cCI6MTY4ODQ1OTkyMSwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.xAp_6_IOkzLoMFyyo-y07Oav-b_S47gMvyutfhj9ZTXQZll5-hVSFyxVW8CcKEng8MUylfCEnfRBLruXnWmiMOoJCS8UGZighXEizMpUpHNTN5R63DacyhnSrM0nUeZ2khFnbaqHnDzT8qWB__KjD8Dm_mXdqRMK6ntB1czOjLlQggtVBU1m_8MysEySIQvBBL3rMwj-cYtscivA2ywxA9hWkP3j8wvdwxGZaQV2VBocPOjkD-3PWyZH6tTgatLKwhjgvh_a-9v_CZk_WZEy8HE1Pzis-Eug6XtWF0QeAOB6KjMOhroFNr0wrMZoorOlTWvPdPeK2BFF06-kDteR4MiE5faS_0G4O9zaOrRkuYO5AY6ea74Fv6JHvgCGibMjj0P9bl7vrY_aG_JWmZzIZxb3VFmHZzCIb4W-uFqiW5CLrXceB-SgoRjwGA_2a2p63-oJVhgJemOjQOcVaAauQsxRtbE5LBmjWfJTLzSMHwmB1k8C2JFvayzX2wxd5UxPBh5psv5etOotkYzdOQB4sT-_nAEYskyEaHfFJyxLmO0QKR_5RJLF_SkwgCiltmO3-ynIVgtp0xJaTre6fBv9i7vbGs75OB7kntAzSyRLwoxKqN41Jgpc9zbzAeeBWZB6FWndXY5VQ_C94M72OxdLV1pxoJyIJB6k0KClU7D7_sg",
      "issuer": "authorization-service",
      "expiresAt": 1688459921
    }
  }
}

To access account creation API a permissionToken is needed from this response, and for a periodic token update - a permissionRefreshToken. It is expected that for security and optimization purposes, merchant key permission token is separated from the merchant's backend. Thus, it is expected that an active permissionToken exsists on the server at any moment.

Token refresh

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/permission/refresh' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Content-Type: application/json' \
  -d '{
  "permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiJkMDJjYjIxOC1hMThkLTQ4ZDAtYWZkOS00YTE0ZjFjZDFlYTEiLCJpYXQiOjE2ODg0NTQ0ODgsImV4cCI6MTY4ODQ2MTY4OCwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.CNCsJncur9z5UHk90KrwWWYfmmNM56j5xNUjr8Rr4OmT5FjPHkjdj5l4fbzvCDHsNktAa6TWxRC4EExI7h4Sb-0dDDrPxDoO_IjtIfEwPUT9bjQp3oMQt4U4u_-tXJXO2bQ2tXYFsxIn0fsO4BEADECnNwZcGiw9ZkgwnkcQ9fsa2B5nc6toHF55JLLhOtrYyZgVkiFfP9bNAk6FCqOL4NyncHTx5lz2k0WE957WBgIORZre5gH9bqJSsHm6ZKDnVLilLH2YZP1wV3zS5RD9nChVKU5PqNhxjjFbD7SvZYaib18B7KKPYjBrx-QOQQVFHij0aaLcyClqveOBF-Fd9RradRspCayvy9h-KesItY0kmVrNZi1ZBJjG7ibs-CKBGWONp1N-7D_-HHDlyOsgi8xcxPF6pVNqTfiSZ4aHVEbEZvXBs645OD4d-Vg6Bzce3RiUaEE7hwXkHeZwQBYfS_lcFUe4Ilxbq13XzbknjZA9mEPvlA2bpo6Xqh1GkbcBDRzmBj5Ta9Q3lCJyIEDz-U42aVyRc4rscG0-OKshhooK2dhwk0aSD6GI7B96hXvpqszlJJ0lJJAhCj2sGWQqZ9_998m0spaXMn75bKeFGwMzE9r68jpKPq5Y2PGkWRP_flTPrdZj3-YC4u5ZM4dYnbBCAJZguOHaZZRw-ByiHoE"
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "permissionToken": {
      "permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q",
      "issuer": "authorization-service",
      "expiresAt": 1688455409
    },
    "permissionRefreshToken": {
      "permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiI1YzBlYzQ5My1kZDRmLTRjNDYtOWUyMS1mOGEyMzk5YmUyMjQiLCJpYXQiOjE2ODg0NTQ1MDksImV4cCI6MTY4ODQ2MTcwOSwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.BcQ0ZDcd2UePEtFuBpFklQPwUBkjB8_Av6poULy61zCpsxwuomMVRbJtn70PR5JonbeB1NoPABgTOhYMqdhUKwPxd2lN80wY3whT1uyMNttooXCkZbUskJOby_0ncrtHy76k0F4Cabb4Km1EVn9yE5jCTGDatgU1Y-yUWlxG2HiTA-Gjr86KO-gJFLLkgTanVD4XD3sneqTQTV4N01itnKw0Tm-igmB-aVhLBeko9pKtfGmpfd_IIrjCVaZ1Jsg5L9BOixWI0r4mWeV3uCIaR0kfFyMNCGgYj6lLJrXybOphXBFRuTOL16mWpnCsY_ztBqr_iEOkyeUdsWB9--QgXUi_Kl6hEb1_QGbPXjV5sqLFp9mDdmUL8yEP0VdRn2MkDuy8zWxp6U0yQxnPpUEuzRJbgn9u2cUp8jOvdGVsHfzeCK24YaDZRCO_IC8jjSNP5axAhq3vjBorw98Sk0iT2aS1BDa88Lzk5kAgd36NmHNskxUFSnxwrXsw65RsWaGH3XBeWgHHnsMN1sSF2SI4HtqdUrOxHqOxWpzGtDO7XkHbl4_vUYoc4jvHNjrDOH5vkq3ZawyihUX3CglW5hAfH82xrDPI-jEXurO8BI5FaoYGjL8ITbFEOEVpTc8oy3igL2yteXsCmm5QaR0yLRsdZ_SCXcXUkYB8fHxmh2h-P4M",
      "issuer": "authorization-service",
      "expiresAt": 1688461709
    }
  }
}

Response is similar to the original get tokens request. Previous permission refresh token is outdated now.

User creation with a credentials factor

In this request, user name and password are provided by an end-user, and a permission token is provided on client's backend.

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/account/credentials' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1MjcyMSwiZXhwIjoxNjg4NDUzNjIxLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.WVHFSrJbVRBX23XcIN0THQ2HDqA5pwD03tZuOeQLgpvcqwh0rV9dld-RZg4jvScpVqCXWGmlVPEH32uXJQ1tEms9dFEtGH-uXu1sXNIe-eeaCBQPu2qLkzhVCfgAaG1of7oVi_tKDNyZAeaakrMnDvac4iU62WrRFBCExeuc5eorqqE3biOG_jnwN83uWnYUINzsQAg9Cx89mbKk6B8iW3WUbLG4ixySwcjSRngclAJj33owKwtEfzYx58a7vSeahCNmsxCaP5a9_fXfFba9hYSTW285pL9n8imVyft4bnJ57nOX_GQ2yz-cAkllOs5AcJWtYzqhX3B6SM7zs-DQnZRVEehd9-jboB07sfhBo4j2mxtH7b36IqIJxWNhvNRvqBkBUv3PcIb_QVBmNNzpq5kITMiFz4Ouhs4xw8WiuFaQ3EOEJCmzqVQqvuWXqyrgk-P5GgE0Qa_VID6QBm6eLbeN_T3Zlf5leA_900l9TTYyR6Gzb5Eo78cupI1u1ojMqHquwvj7aYwLUVIvT1L6SVW8ABRoQ6qn6tmNdNFy20t4LhsSiulUXg1L2q64LsuNqGrOvPd6gMzSi9l4k72lBfeMiAtilVQFKQ3r7cLeXPPlcqRrUc8HMPpkEMU4BitzG-aR2-CU8czHPj6Ee2f0LLOJXCmT9cFrJCysrN-h5SA' \
  -H 'Content-Type: application/json' \
  -d '{
  "username": "CoolUser",
  "password": "A.1234567"
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "accountId": "a3878627-0d8e-4f9f-af43-382e599e1c92"
  }
}

User creation with email factor

Registration procedure with email contains two requests: sending email and code confirmation

In this request, email is provided by end-user, and a permission token is inserted on clients backend. As a result of this request, an email withv a confirmation code is sent to the provided address

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/account/email-intent' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Authorization: Bearer eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q' \
  -H 'Content-Type: application/json' \
  -d '{
  "email": "user@example.com"
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "utilityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InV0aWxpdHlUb2tlblNjaGVtYSIsIm9wZXJhdGlvbklkIjoiMzIyN2I2ZDQtNDJkMy00YmI2LWE2NTItZTZiZmY1ODJjZWQ2IiwiaWF0IjoxNjg4NDU0OTMxLCJleHAiOjE2ODg0NTU4MzEsImlzcyI6ImF1dGhvcml6YXRpb24tc2VydmljZSJ9.F151syOYb7PFY96ACtpNIKKDxgmxKn50QoC96yEdldA"
  }
}

A confirmation codein this request is provided by end-user from an email, and a utilityToken comes from a previous request.

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/account/email-confirm' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Content-Type: application/json' \
  -d '{
  "utilityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InV0aWxpdHlUb2tlblNjaGVtYSIsIm9wZXJhdGlvbklkIjoiMzIyN2I2ZDQtNDJkMy00YmI2LWE2NTItZTZiZmY1ODJjZWQ2IiwiaWF0IjoxNjg4NDU0OTMxLCJleHAiOjE2ODg0NTU4MzEsImlzcyI6ImF1dGhvcml6YXRpb24tc2VydmljZSJ9.F151syOYb7PFY96ACtpNIKKDxgmxKn50QoC96yEdldA",
  "code": "123456"
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "accountId": "5fd32d2d-e85c-443c-b015-a93198c18b1d"
  }
}

Getting Client Permissions

Getting a client permission token involves the necessity of providing factors list, so it consists of several steps.

Factors Requirements Verification

Firstly, it is necessary to define a set of required permissions. For example, we take permission to read data and permission to use secret: [read, secert]. Then it is needed to determine a set of required security factors, it can be done with the following request:

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/permission/probe' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Content-Type: application/json' \
  -d '{
  "permissions": [
    "read",
    "secret"
  ]
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "combination": "or",
    "types": [
      {
        "combination": "just",
        "type": "credentials"
      },
      {
        "combination": "just",
        "type": "email"
      }
    ]
  }
}

This response means that for getting these permissions, it is enough to provide credentials factor or email factor. However, we can rely on knowledge of the service internal logic, because information about required factors is known in advance.

Getting security tokens

In this example, we are using credentialsFactor to get permissions:

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/security-factor/credentials' \
  -H 'accept: application/json' \
  -H 'Content-Type: application/json' \
  -d '{
  "password": "A.1234567",
  "username": "CoolUser"
}'

{
  "requestId": "224b9633-f85a-4849-a0a6-e3b85162704d",
  "data": {
    "securityToken": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InNlY3VyaXR5VG9rZW5TY2hlbWEiLCJhY2NvdW50SWQiOiJhMzg3ODYyNy0wZDhlLTRmOWYtYWY0My0zODJlNTk5ZTFjOTIiLCJzZWN1cml0eUZhY3RvclR5cGUiOiJjcmVkZW50aWFscyIsImlhdCI6MTY4ODQ5MTU0NSwiZXhwIjoxNjg4NDkyNDQ1LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.DhkzmomS-7EzddiCdHtMawEJHbu3dmEj8PvwDe0ljFs",
    "issuer": "authorization-service",
    "expiresAt": 1688492445
  }
}

Getting Permission Token

Then, we can request the permission token itself. When releasing a permission token that way, we should use user/device (depending on the type of session model), to provide token refresh localization and the required security level.

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/permission/issue-by-factors' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Content-Type: application/json' \
  -d '{
  "tokenId": "3fa85f64-5717-4562-b3fc-2c963f66afa6",
  "permissions": [
    "read",
    "secret"
  ],
  "securityTokens": [
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InNlY3VyaXR5VG9rZW5TY2hlbWEiLCJhY2NvdW50SWQiOiJhMzg3ODYyNy0wZDhlLTRmOWYtYWY0My0zODJlNTk5ZTFjOTIiLCJzZWN1cml0eUZhY3RvclR5cGUiOiJjcmVkZW50aWFscyIsImlhdCI6MTY4ODQ5MjczMywiZXhwIjoxNjg4NDkzNjMzLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.WeusUjEBL35pjIkn4-m00P4X8SmFZIZJIpHvicD3ryU"
  ]
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "permissionToken": {
      "permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6ImEzODc4NjI3LTBkOGUtNGY5Zi1hZjQzLTM4MmU1OTllMWM5MiIsIm1lcmNoYW50SWQiOiJiMTlkYzI3YS1hZjgxLTQzOTctYmUyNS03ZTExMTBmMDk3OWYiLCJwZXJtaXNzaW9ucyI6WyJyZWFkIiwic2VjcmV0Il0sImlhdCI6MTY4ODQ5Mjc1MCwiZXhwIjoxNjg4NDkzNjUwLCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.NYRKdQZDw1FIlJk-Q3gM6iLCxqVMc_zu-88_nG1S3nd-x_ti6aA8V6Em5j3mDsH75bjNDU9mzNozJW446d3mV2C530ZDVj1JvcjW9HMLZD7Dz8kohaz-rWaNlNvdTDSfgxDI8rTQAaSNfhTjS1uH2RJl5dq2aeW8pIgPj6DkPiP28iCYbMCHlPo_SGzsDScYx_RJHKT9-skcD844zGW5QA2m_eJDTHtDedDc7DMGEXi0Jkok8WV-fN8Mc6THAo5AH7xELnETTmcf2I_rBQj3uDaYzNCfQ28VnvkgbIwn8YHWhR8i9SqpcGFhlohioBaWaMFllZvZMJzw4xTIEvDYDWuYFpkUBlBxn6eMATOazX0f1xW9oFeYcHqulK7awSQUCIF586YbSRpBm3Wd_6an2b7UP9B-yXIi7f_xu8hSJlTKt1AY07_S0wMbeM3JUWgRDLOX9RfOVtjMjXG99DXWLvLj1-LNI77829S-ajkT8d2ETrql6iFOxGiso-aVTJnujIl6SrPEeZHCpMSDyyG8bLsphYflqKmFGC3IVYaHAFz5p_FHjjZcqV_3uCdDQoHb965NhhJgPD8tkEItBEo0XO12OF8QYPPj2e4Rk1CBFBzUxB7-shnReIfV8hkukDfl5Sz_s6fPjSh_4YKouFrBrWH-ykmb6RRjg9MaOScdjwk",
      "issuer": "authorization-service",
      "expiresAt": 1688493650
    },
    "permissionRefreshToken": {
      "permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiIzOGY4ZmNlOC02ZmJkLTQ3MWUtYmM3Yi04MmQxNWIxMmQ2YTYiLCJpYXQiOjE2ODg0OTI3NTAsImV4cCI6MTY4ODQ5OTk1MCwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.Ts2ycUDfyHziLivjOtyonrGT50ejiipaX6ovmBFbTMXbPxNeF3pP5OxKDoSGgsl134jMlNKGLSw46Zk1xa69Wf8JA0-9mYlyYY2ZfQkh34L-ZmsouxOpRFGVSA9TTSWvWlLRYrT9Vrf4DiVVpnIAtXgUXt5R6a0F2Z-QQI238hwWdIGSD3Biol1E7Jrlhdc1FjVnYRilCQ5bNbmjD5IVbfKZEua3RlNQBqfR1OGevv8-tgkjxqkidm1WJRY7UUW3lV5JIsY6DpV1morOwTIFW28W-1y9RNKJZvbhWmt60CTkfXdOcjOrm6ZTaJvzjvhsPO85vAnKaq0ldzDDTREIJqqOZmI-jC6IfZvwhCGZY4zpnoj5a0r8GLQHos8m9qdIJ3bWyPAgJJJ3h77qZW2lLnGdVjRCXYxq_LkE9pZP7UCkgVPGxzlpZhC3Hv5t1eV3obwvfSPoMqrWQK5ON4P5J-FqWEvcyIyP5wGwj1w_5HE1oFA8LK48hQxyNcM48ZiO3g8WP6Hrh03YrvimfjpQQ076Jrm-mBE6Y5C9IinLJtXoEKwreDVWgIO-mDaR0z8lOBdvwx4tJchuL7t9XwaS9RjYOVRrChGDhXZlKyPpxN5BdiZXLWB0FVoLzHGKowGYedHu9nKYY82fCGE-oWf96T8VaPT4t9Gm3c_IS_MHtnU",
      "issuer": "authorization-service",
      "expiresAt": 1688499950
    }
  }
}

Resulting permissionToken can be used for requests to cloud services.

Token Refresh

RequestResponse

curl -X 'POST' \
  'https://cloud.spatium.net/authorization/v1/api/permission/refresh' \
  -H 'accept: application/json' \
  -H 'request-id: 446f01e1-c05b-4f92-85fd-502b9c20b4c8' \
  -H 'Content-Type: application/json' \
  -d '{
  "permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiJkMDJjYjIxOC1hMThkLTQ4ZDAtYWZkOS00YTE0ZjFjZDFlYTEiLCJpYXQiOjE2ODg0NTQ0ODgsImV4cCI6MTY4ODQ2MTY4OCwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.CNCsJncur9z5UHk90KrwWWYfmmNM56j5xNUjr8Rr4OmT5FjPHkjdj5l4fbzvCDHsNktAa6TWxRC4EExI7h4Sb-0dDDrPxDoO_IjtIfEwPUT9bjQp3oMQt4U4u_-tXJXO2bQ2tXYFsxIn0fsO4BEADECnNwZcGiw9ZkgwnkcQ9fsa2B5nc6toHF55JLLhOtrYyZgVkiFfP9bNAk6FCqOL4NyncHTx5lz2k0WE957WBgIORZre5gH9bqJSsHm6ZKDnVLilLH2YZP1wV3zS5RD9nChVKU5PqNhxjjFbD7SvZYaib18B7KKPYjBrx-QOQQVFHij0aaLcyClqveOBF-Fd9RradRspCayvy9h-KesItY0kmVrNZi1ZBJjG7ibs-CKBGWONp1N-7D_-HHDlyOsgi8xcxPF6pVNqTfiSZ4aHVEbEZvXBs645OD4d-Vg6Bzce3RiUaEE7hwXkHeZwQBYfS_lcFUe4Ilxbq13XzbknjZA9mEPvlA2bpo6Xqh1GkbcBDRzmBj5Ta9Q3lCJyIEDz-U42aVyRc4rscG0-OKshhooK2dhwk0aSD6GI7B96hXvpqszlJJ0lJJAhCj2sGWQqZ9_998m0spaXMn75bKeFGwMzE9r68jpKPq5Y2PGkWRP_flTPrdZj3-YC4u5ZM4dYnbBCAJZguOHaZZRw-ByiHoE"
}'

{
  "requestId": "446f01e1-c05b-4f92-85fd-502b9c20b4c8",
  "data": {
    "permissionToken": {
      "permissionToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25Ub2tlblNjaGVtYSIsImFjY291bnRJZCI6bnVsbCwibWVyY2hhbnRJZCI6ImIxOWRjMjdhLWFmODEtNDM5Ny1iZTI1LTdlMTExMGYwOTc5ZiIsInBlcm1pc3Npb25zIjpbInJlZ2lzdGVyIl0sImlhdCI6MTY4ODQ1NDUwOSwiZXhwIjoxNjg4NDU1NDA5LCJpc3MiOiJhdXRob3JpemF0aW9uLXNlcnZpY2UifQ.ZGPgqEL7rrt92l0ftPx2bSg7hllNSxA6xhAVtvSU2OUD5Dr3r2I61A9N5VVhsBhfz_iE4MI-0GQ-28YFrC95lnmUw3fqG2r3WQmEOhLnQU0bMkeg69SIDWgkmGPhWGJbhDb8UJIFUzdv5om2j_-zGXF6KEO6xVKW0VudFjFWcv9k8r1h96NYuFen0KDSXeEfpg5Tb8E428ol1vtQvpNXJPD4gvrZXQvj_8PTqb23bndEmobxxVWOsIdIbuJsveyHOGEqLbgqIFnu3yBHq5G7lhGlFcs3Q8bo515aZyi-osvReJ0TYRAgwYCNhK7nwugLRvYuPtPIgzc1VMR0L_Z5gyrOrosy1Y5DqdkAYm3Gf1KsUYX-BT76vQdFD-ZI_iqZiDiIi8Nnht6z9MAj8B_znYNd5DsM7bsYIKkjiiWFvEzlYiyV4su19fv3WjV69JX49HnQIDk9Xa7Hy6byAWsDsfgIOgj0lcOQMH2VIOWZUNxo-r4BAj7WtAuGGf5H8AD47EciZSqBYj0nzmRDeGYQVfXWxUbIPBk-bup2_gEb2bG4lWC0ub0Ma6mpDZfjEcU2uun1Q65rOip0XjDwue0JBQ3JnXuUXc44_UnmFMdfbJ4H74DaUNb8-R3ngZS5ph1EZ6rtNpT1MTH4kLYXayitOP_5_J8Hb6VUoATtFfeD02Q",
      "issuer": "authorization-service",
      "expiresAt": 1688455409
    },
    "permissionRefreshToken": {
      "permissionRefreshToken": "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJtYWdpYyI6InBlcm1pc3Npb25SZWZyZXNoVG9rZW5TY2hlbWEiLCJ0b2tlbklkIjoiM2ZhODVmNjQtNTcxNy00NTYyLWIzZmMtMmM5NjNmNjZhZmE2IiwidG9rZW5SZWZyZXNoSWQiOiI1YzBlYzQ5My1kZDRmLTRjNDYtOWUyMS1mOGEyMzk5YmUyMjQiLCJpYXQiOjE2ODg0NTQ1MDksImV4cCI6MTY4ODQ2MTcwOSwiaXNzIjoiYXV0aG9yaXphdGlvbi1zZXJ2aWNlIn0.BcQ0ZDcd2UePEtFuBpFklQPwUBkjB8_Av6poULy61zCpsxwuomMVRbJtn70PR5JonbeB1NoPABgTOhYMqdhUKwPxd2lN80wY3whT1uyMNttooXCkZbUskJOby_0ncrtHy76k0F4Cabb4Km1EVn9yE5jCTGDatgU1Y-yUWlxG2HiTA-Gjr86KO-gJFLLkgTanVD4XD3sneqTQTV4N01itnKw0Tm-igmB-aVhLBeko9pKtfGmpfd_IIrjCVaZ1Jsg5L9BOixWI0r4mWeV3uCIaR0kfFyMNCGgYj6lLJrXybOphXBFRuTOL16mWpnCsY_ztBqr_iEOkyeUdsWB9--QgXUi_Kl6hEb1_QGbPXjV5sqLFp9mDdmUL8yEP0VdRn2MkDuy8zWxp6U0yQxnPpUEuzRJbgn9u2cUp8jOvdGVsHfzeCK24YaDZRCO_IC8jjSNP5axAhq3vjBorw98Sk0iT2aS1BDa88Lzk5kAgd36NmHNskxUFSnxwrXsw65RsWaGH3XBeWgHHnsMN1sSF2SI4HtqdUrOxHqOxWpzGtDO7XkHbl4_vUYoc4jvHNjrDOH5vkq3ZawyihUX3CglW5hAfH82xrDPI-jEXurO8BI5FaoYGjL8ITbFEOEVpTc8oy3igL2yteXsCmm5QaR0yLRsdZ_SCXcXUkYB8fHxmh2h-P4M",
      "issuer": "authorization-service",т
      "expiresAt": 1688461709
    }
  }
}

The response is similar to the original get tokens request. The previous permission refresh token is outdated now.