Token Management Service – Samples¶
Generating the X-SPACE-AUTH-KEY¶
Encode the following combination of user name/ID and password/secret using Base64:
<client_id>:<client_secret>Build the
<X-SPACE-AUTH-KEY>using the wordBasic, followed by a space and the encoding result, e.g.:X-SPACE-AUTH-KEY : Basic ZGlvcDEtaGVybWlvbmUtaGVybWlvbmU6c2RqaGZhc2RqaGZqYXNkaGZqa2FzZGhmams
Getting a Token to Access User IoT Data¶
Use the following endpoint:
POST api/technicaltokenmanager/v3/oauth/token
Define the following header keys, replace <X-SPACE-AUTH-KEY> with your authorization key, which is generated as explained above:
Content-Type: application/json
X-SPACE-AUTH-KEY : <X-SPACE-AUTH-KEY>
Request example:
{
"appName": "application_x",
"appVersion": "1.0.0",
"hostTenant": "host_tenant",
"userTenant": "user_tenant_1"
}
Sample response:
{
"access_token": "eyJhbGciOiJSUzI1NiIsImtpZCI6ImtleS1pZC0xIiwidHlwIjoiSldUIn0.eyJqdGkiOiI4NjhhOTViYmJkZGM0ZmQ4YTU3ZTM0MGMyYmI3ZWJiNiIsInN1YiI6InNuZC1jbGllbnQiLCJzY29wZSI6WyJkZXAuZG93biIsImdyLnUiLCJwdHMuc2kiLCJkZXAuYWQiLCJ0bS50LnIiLCJkZXAuZHJlZyIsImdyLmMiLCJpbS5nLmQiLCJnci5kIiwiaW0uZy5jIiwiYXZzLnZhbCIsImNkcy5yIiwibm9zZS5zZSIsInJlcC5yIiwicmVwLnN1IiwiY2RzLnciLCJjZkFwcHMubWwiLCJnci5yIiwiY3N0LnIiLCJwdWIuciIsImltLmcuciIsInJlcC5kb3duIiwicHJ2LmcudSIsInBydi5nLnIiLCJpbS5nLnUiLCJwdWIucHQiLCJhdnMuY2tzLmNwIiwiaWFtLWFjdGlvbi5jbGllbnRfY3JlZGVudGlhbHMudGVuYW50LWltcGVyc29uYXRpb24iLCJwcnYuZy5kIiwicHJ2LmcuYyIsImRlcC5yZWciLCJwdWIucGEiLCJkZXAudXBnIiwicmVwLnVwIiwicHRzLnV0IiwicHViLnN1IiwicmVwLm11IiwiY2ZBcHBzLnNvIiwiZGVwLnVyZWciLCJjZkFwcHMuc3MiLCJkZXAuYXVkIiwicmVwLnV2IiwidXRzLnN1IiwicHRzLnBjIiwicHJ2LnIiLCJjZkFwcHMuYXIiLCJyZXAuYXAiLCJwcnYuYyIsInJlcC52dSJdLCJjbGllbnRfaWQiOiJzbmQtY2xpZW50IiwiY2lkIjoic25kLWNsaWVudCIsImF6cCI6InNuZC1jbGllbnQiLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6IjZmZjVlMDkwIiwiaWF0IjoxNTQyODY0NjYzLCJleHAiOjE1NDI4NjY0NjMsImlzcyI6Imh0dHBzOi8vY29yZS5waWFtLmV1MS1pbnQubWluZHNwaGVyZS5pby9vYXV0aC90b2tlbiIsInppZCI6ImNvcmUiLCJhdWQiOlsibm9zZSIsImNzdCIsImlhbS1hY3Rpb24uY2xpZW50X2NyZWRlbnRpYWxzIiwic25kLWNsaWVudCIsInRtLnQiLCJnciIsImltLmciLCJkZXAiLCJwdHMiLCJwcnYuZyIsImNkcyIsInV0cyIsInBydiIsImF2cy5ja3MiLCJjZkFwcHMiLCJyZXAiLCJwdWIiLCJhdnMiXSwidGVuIjoiY29yZSIsInNjaGVtYXMiOlsidXJuOnNpZW1lbnM6bWluZHNwaGVyZTppYW06djEiXSwiY2F0IjoiY2xpZW50LXRva2VuOnYxIn0.eClNyplodSUU9MFJS2eM-Mc_pU2niRCDtEGZARxrq0UhseZ4DbqMwOIW4wEFqqBvNN-mdYS6XumnnFDn4IFEnJyM0DNcCzTucjqVS4RicRsa8lKFODSdQs1wO7FOETDR0_4QHFFvhB54WEsDDzlint67dhZN44nVdM2KLNJ9wkt949MWJtUZy1VrJNz-pRq_F-5Nvh6ZCA0E_DAmCEcyR0wrxY3A2QfZhYneh8VnkTPknWOtPFdpmWp7IXfNrUmiNRMI7EwY9HNTQ4GZsGkZhDdpOOrDIxZkDfTfoUgaLGtzEX8RtLUXPmE2W3e",
"token_type": "bearer",
"timestamp": "1559120938825",
"expires_in": 1799,
"scope": "cst.r uts.su im.usr.r em.rep.r tm.st.r tm.t.r agm.r iam-action.client_credentials.tenant-impersonation uts.ri asm.r atm.r uts.rc uaa.offline_token emds.ent.r asm.rep.r",
"jti": "3fcf2a5e-cc76-11e7-abc4-cec278b6b50a"
}
Getting Tokens to Access Multiple Users' IoT Data¶
Use the following endpoint:
POST api/technicaltokenmanager/v3/oauthTokens
Define the following header keys, replace <X-SPACE-AUTH-KEY> with your authorization key, which is generated as explained above:
Content-Type: application/json
X-SPACE-AUTH-KEY : <X-SPACE-AUTH-KEY>
Request example:
{
"appName": "application_x",
"appVersion": "1.0.0",
"hostTenantId": "host_tenant",
"userTenantIds": [
"user_tenant_a",
"user_tenant_b"
]
}
Sample response:
{
"oauthTokens": [
{
"userTenantId": "user_tenant_a",
"token": {
"access_token": "eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vZGJkZTEubG9jYWxob3N0OjgwODAvdWFhL3Rva2VuX2tleXMiLCJraWQiOiJrZXktaWQtMiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTk4MTIxMjY4MWY0NmM0YmNiYzNhYWI1MDc2NGYzMCIsInN1YiI6ImRiZGUxLXFldGttMS0xLjAuMDU1Iiwic2NvcGUiOlsibWRzcDpjb3JlOkFkbWluM3JkUGFydHlUZWNoVXNlciJdLCJjbGllbnRfaWQiOiJkYmRlMS1xZXRrbTEtMS4wLjA1NSIsImNpZCI6ImRiZGUxLXFldGttMS0xLjAuMDU1IiwiYXpwIjoiZGJkZTEtcWV0a20xLTEuMC4wNTUiLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6Ijg5YTFhZDNkIiwiaWF0IjoxNTU5MDUyNTg0LCJleHAiOjE1NTkwNTQzODQsImlzcyI6Imh0dHBzOi8vZGJkZTEucGlhbS5ldTEtYi5taW5kc3BoZXJlLmlvL29hdXRoL3Rva2VuIiwiemlkIjoiZGJkZTEiLCJhdWQiOlsiZGJkZTEtcWV0a20xLTEuMC4wNTUiXSwidGVuIjoiZGJkZTEiLCJzY2hlbWFzIjpbInVybjpzaWVtZW5zOm1pbmRzcGhlcmU6aWFtOnYxIl0sImNhdCI6ImNsaWVudC10b2tlbjp2MSJ9.zSrnv3ypC9gHPUNGlbAVGxA8tEoGwnOVd2Vk5XNF-XEpf34Fh2JUrG9oYUcyBPeB1pUwOvxxrGuYAFwYk1eGmdAxT0KPL7R2JTbDRPgEPA0hLZN9mw5FL-CTlifzK1isEN_6ePH9y0T2tWCHiUCL5EURcrwrGfP3Xot7Lu2g9ZR-q-ychshsH0HVIZ9GerwRGi5ciO-FI2z8z7omVPojimCbLooLE7V6Kv2mtM5lqStaANxbV1h1ITkiXkEgOpEIRHG6nwqG2LwQybTAIj9MRW-g620qB9PYDYxFcGda",
"token_type": "bearer",
"timestamp": "1559120938825",
"expires_in": 1799,
"scope": "cst.r uts.su im.usr.r em.rep.r tm.st.r tm.t.r agm.r iam-action.client_credentials.tenant-impersonation uts.ri asm.r atm.r uts.rc uaa.offline_token emds.ent.r asm.rep.r",
"jti": "3fcf2a5e-cc76-11e7-abc4-cec278b6b50a"
}
}{
"userTenantId": "user_tenant_b",
"token": {
"access_token": "eyJhbGciOiJSUzI1NiIsImprdSI6Imh0dHBzOi8vZGJkZTEubG9jYWxob3N0OjgwODAvdWFhL3Rva2VuX2tleXMiLCJraWQiOiJrZXktaWQtMiIsInR5cCI6IkpXVCJ9.eyJqdGkiOiJjMTk4MTIxMjY4MWY0NmM0YmNiYzNhYWI1MDc2NGYzMCIsInN1YiI6ImRiZGUxLXFldGttMS0xLjAuMDU1Iiwic2NvcGUiOlsibWRzcDpjb3JlOkFkbWluM3JkUGFydHlUZWNoVXNlciJdLCJjbGllbnRfaWQiOiJkYmRlMS1xZXRrbTEtMS4wLjA1NSIsImNpZCI6ImRiZGUxLXFldGttMS0xLjAuMDU1IiwiYXpwIjoiZGJkZTEtcWV0a20xLTEuMC4wNTUiLCJncmFudF90eXBlIjoiY2xpZW50X2NyZWRlbnRpYWxzIiwicmV2X3NpZyI6Ijg5YTFhZDNkIiwiaWF0IjoxNTU5MDUyNTg0LCJleHAiOjE1NTkwNTQzODQsImlzcyI6Imh0dHBzOi8vZGJkZTEucGlhbS5ldTEtYi5taW5kc3BoZXJlLmlvL29hdXRoL3Rva2VuIiwiemlkIjoiZGJkZTEiLCJhdWQiOlsiZGJkZTEtcWV0a20xLTEuMC4wNTUiXSwidGVuIjoiZGJkZTEiLCJzY2hlbWFzIjpbInVybjpzaWVtZW5zOm1pbmRzcGhlcmU6aWFtOnYxIl0sImNhdCI6ImNsaWVudC10b2tlbjp2MSJ9.zSrnv3ypC9gHPUNGlbAVGxA8tEoGwnOVd2Vk5XNF-XEpf34Fh2JUrG9oYUcyBPeB1pUwOvxxrGuYAFwYk1eGmdAxT0KPL7R2JTbDRPgEPA0hLZN9mw5FL-CTlifzK1isEN_6ePH9y0T2tWCHiUCL5EURcrwrGfP3Xot7Lu2g9ZR-q-ychshsH0HVIZ9GerwRGi5ciO-FI2z8z7omVPojimCbLooLE7V6Kv2mtM5lqStaANxbV1h1ITkiXkEgOpEIRHG6nwqG2LwQybTAIj9MRW-g620qB9PYDYxFcGdb",
"token_type": "bearer",
"timestamp": "1559120938828",
"expires_in": 1799,
"scope": "cst.r uts.su im.usr.r em.rep.r tm.st.r tm.t.r agm.r iam-action.client_credentials.tenant-impersonation uts.ri asm.r atm.r uts.rc uaa.offline_token emds.ent.r asm.rep.r",
"jti": "3fcf2a5e-cc76-11e7-abc4-cec278b6b50b"
}
}
]
}
Getting a List of all Authorized Users of an Application¶
Use the following endpoint:
GET api/technicaltokenmanager/v3/userTenants
Info
This endpoint expects a token in the authorization header with bearer scheme. The token can be obtained from /oauth/token using the operator tenant as userTenant and hostTenant.
Sample response:
{
"page": {
"size": 0,
"totalElements": 0,
"totalPages": 0,
"number": 0
},
"userTenants": [
{
"id": "testusertenant1"
}
]
}
Info
This endpoint only returns up to 100 tenant IDs per request.
Getting Tokens to Access all Users' IoT Data¶
Request a token from the
/oauth/tokenendpoint as described in Getting a Token to Access User IoT Data using the tenant where your app runs on asuserTenantandhostTenant.Request example:
{ "appName": "application_x", "appVersion": "1.0.0", "hostTenant": "operator_tenant", "userTenant": "operator_tenant" }Get a list of all author tenants from the
/userTenantsendpoint as described in Getting a List of all Authorized Users of an Application.Info
This endpoint only returns up to 100 tenant IDs per request.
Request up to 5 access tokens from the
/oauthTokensendpoint as described in Getting Tokens to Access Multiple Users' IoT Data. Repeat this step if required to get access tokens for all user tenants.Request example:
{ "appName": "application_x", "appVersion": "1.0.0", "hostTenantId": "host_tenant", "userTenantIds": [ "user_tenant_a", "user_tenant_b" ] }
Best Practices to Issue Tokens¶
- Cache tokens and only issue a new one if they expire.
Although the Token Manager API provides caching, it is recommended to implement your own caching to overcome the network latency on the request round trip. - Do not expose tokens via endpoints.
- Do not print the service credentials in the application log.