Authorization Service

Token-based authentication is implemented in TIBCO Product and Service Inventory to ensure secure access to the TIBCO Product and Service Inventory Server REST APIs, and to support multitenancy. The authentication service in TIBCO Product and Service Inventory uses JSON Web Token (JWT) to validate user credentials (user name, password, and tenantID).

The following functions are covered under the Authorization Service:

Create User

This request is used to create a new user.

Method: HTTP POST method

Endpoint: http://<host_address>:<port_number>/v1/user

Create User Parameters
Parameter           Cardinality     Description
X-API-AppId         Mandatory       The application ID is used to get user details. The default ID is auth.
X-API-Key           Mandatory       This key is used to get user details. The default ID is auth.
userInfo (Body)
  enabled           Mandatory       The value can be "true" or "false". If you set the value as "true", then the user is accessible through the Configurator and the "false" value disables the user.
  password          Mandatory       The password to be used for the user.
  tenantId          Mandatory       This is the TENANT value as stored in the users' table in the database. If the tenantId is not present in the database, then a new TENANT is created.
  userName          Mandatory       It specifies the user name to be created or modified.
  userRoles         Mandatory       It assigns the role to the user. The valid role values are ROLE_ADMIN, ROLE_USER, ROLE_PARTY, ROLE_ITEM.

Example for the Create User request:

{
  "user": [
    {
      "enabled": true,
      "password": "testpassword",
      "tenantId": "testTenant",
      "userName": "testuser",
      "userRoles": [
        "ROLE_ADMIN"
      ]
    }
  ]
}

Update User

This request is used to update an existing user.

Method: HTTP PUT method

Endpoint: http://<host_address>:<port_number>/v1/user

Update User Parameters
Parameter           Cardinality     Description
X-API-AppId         Mandatory       The application ID is used to get user details. The default ID is auth.
X-API-Key           Mandatory       This key is used to get user details. The default ID is auth.
userInfo (Body)
  enabled           Mandatory       The value can be "true" or "false". If you set the value as "true", then the user is accessible through the Configurator and the "false" value disables the user.
  password          Mandatory       The password to be used for the user.
  tenantId          Mandatory       This is the TENANT value as stored in the users' table in the database. If the tenantId is not present in the database, then a new TENANT is created.
  userName          Mandatory       It specifies the user name to be created or modified.
  userRoles         Mandatory       It assigns the role to the user. The valid role values are ROLE_ADMIN, ROLE_USER, ROLE_PARTY, ROLE_ITEM.

Example for the Update User request:

{
  "user": [
    {
      "enabled": true,
      "password": "testpassword",
      "tenantId": "testTenant",
      "userName": "testuser",
      "userRoles": [
        "ROLE_ADMIN"
      ]
    }
  ]
}
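
The Create User and Update User requests above share one body layout and the same two headers. The following Python code is an added example, not TIBCO code: it validates a userInfo object against the parameter tables, builds the request without sending it, and reports when the documented default header values or a plain http:// endpoint are in use. The function names, the Content-Type header, and the localhost:8080 address are assumptions.

```python
import json
import urllib.request

VALID_ROLES = ("ROLE_ADMIN", "ROLE_USER", "ROLE_PARTY", "ROLE_ITEM")
MANDATORY = ("enabled", "password", "tenantId", "userName", "userRoles")
DEFAULT_ID = "auth"  # documented default for X-API-AppId and X-API-Key

def validate_user(user):
    """Return problems found in one userInfo object (empty list = valid)."""
    problems = [f"missing mandatory field: {f}" for f in MANDATORY if f not in user]
    enabled = user.get("enabled", True)  # absence is already reported above
    if not (isinstance(enabled, bool) or enabled in ("true", "false")):
        problems.append("enabled must be true or false")
    roles = user.get("userRoles", ["ROLE_USER"])  # absence is already reported above
    if not isinstance(roles, list) or not roles:
        problems.append("userRoles must be a non-empty list")
    else:
        problems += [f"unknown role: {r}" for r in roles if r not in VALID_ROLES]
    return problems

def build_user_request(method, base_url, app_id, api_key, user):
    """Build, without sending, a Create (POST) or Update (PUT) User request."""
    if method not in ("POST", "PUT"):
        raise ValueError("Create User is POST, Update User is PUT")
    problems = validate_user(user)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"X-API-AppId": app_id, "X-API-Key": api_key,
               "Content-Type": "application/json"}  # Content-Type is an assumption
    body = json.dumps({"user": [user]}).encode("utf-8")
    return urllib.request.Request(base_url.rstrip("/") + "/v1/user",
                                  data=body, headers=headers, method=method)

def audit_settings(base_url, app_id, api_key):
    """Return findings about the connection settings (empty list = none)."""
    checks = [
        (app_id == DEFAULT_ID, "X-API-AppId is still the documented default"),
        (api_key == DEFAULT_ID, "X-API-Key is still the documented default"),
        (base_url.lower().startswith("http://"), "password is sent over plain HTTP"),
    ]
    return [msg for hit, msg in checks if hit]

# Constructed sample input: host, port and user values are placeholders.
SAMPLE_USER = {"enabled": True, "password": "testpassword", "tenantId": "testTenant",
               "userName": "testuser", "userRoles": ["ROLE_ADMIN"]}

if __name__ == "__main__":
    req = build_user_request("POST", "http://localhost:8080", "auth", "auth", SAMPLE_USER)
    print(req.get_method(), req.full_url, audit_settings("http://localhost:8080", "auth", "auth"))
```

Pass the returned request to urllib.request.urlopen to send it once audit_settings reports no findings.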

Get User

This request is used to get the details of an existing user.

Method: HTTP GET method

Endpoint: http://<host_address>:<port_number>/v1/user

Get User Parameters
Parameter           Cardinality     Description
X-API-AppId         Mandatory       The application ID is used to get the user details. The default ID is auth.
X-API-Key           Mandatory       This key is used to get the user details. The default ID is auth.
tenantId            Mandatory       This is the TENANT value as stored in the users' table in the database.
userId              Mandatory       This is the userId value as stored in the users' table in the database.

Delete User

This request is used to delete an existing user.

Method: HTTP DELETE method

Endpoint: http://<host_address>:<port_number>/v1/user

Delete User Parameters
Parameter           Cardinality     Description
X-API-AppId         Mandatory       The application ID is used to get the user details. The default ID is auth.
X-API-Key           Mandatory       This key is used to get the user details. The default ID is auth.
userInfo (Body)
  tenantId          Mandatory       Tenant value stored in the users' table in the database.
  userName          Mandatory       It specifies the user name to be deleted.

Example: Delete User request

[
  {
    "userName": "string",
    "tenantId": "string"
  }
]