Authorization Service
Token-based authentication is implemented in TIBCO Offer and Price Engine to secure access to the TIBCO Offer and Price Engine Server REST APIs and to support multitenancy. The authentication service in TIBCO Offer and Price Engine uses JSON Web Token (JWT) to validate user credentials (user name, password, and tenantId).
The following functions are covered under the Authorization Service:
After a user is created, authenticate it by following the procedures in the Generating an authorization token topic.
Create User
This request is used to create a new user.
Method: HTTP POST method
Endpoint: http://<host_address>:<port_address>/v1/user
Parameter | Cardinality | Description
---|---|---
X-API-AppId | Mandatory | The application ID used for getting user details. The default ID is auth.
X-API-Key | Mandatory | The key used for getting user details. The default value is auth.
userInfo (Body) | Mandatory | A list of user records, each with the following fields.
enabled | Mandatory | The value can be true or false. true makes the user accessible through the Configurator UI and false disables the user.
password | Mandatory | The password to be used for the user.
tenantId | Mandatory | The TENANT value as stored in the users table in the database. If the tenantId is not present in the database, a new TENANT is created.
userName | Mandatory | The user name to be created or modified.
userRoles | Mandatory | The roles assigned to the user. The valid role values are ROLE_ADMIN and ROLE_USER (as listed for the Update User request).
If the userName and tenantId provided in the request already exist, the user is modified with the provided values.
Example for the Create and Modify User request:
{
  "user": [
    {
      "enabled": true,
      "password": "testpassword",
      "tenantId": "testTenant",
      "userName": "testuser",
      "userRoles": [ "ROLE_ADMIN" ]
    }
  ]
}
Update User
This request is used to create a new user or update an existing one.
Method: HTTP PUT method
Endpoint: http://<host_address>:<port_address>/v1/user
Parameter | Cardinality | Description
---|---|---
X-API-AppId | Mandatory | The application ID used for getting user details. The default ID is auth.
X-API-Key | Mandatory | The key used for getting user details. The default value is auth.
userInfo (Body) | Mandatory | A list of user records, each with the following fields.
enabled | Mandatory | The value can be true or false. true makes the user accessible through the Configurator UI and false disables the user.
password | Mandatory | The password to be used for the user.
tenantId | Mandatory | The TENANT value as stored in the users table in the database. If the tenantId is not present in the database, a new TENANT is created.
userName | Mandatory | The user name to be created or modified.
userRoles | Mandatory | The roles assigned to the user. The valid role values are ROLE_ADMIN and ROLE_USER.
If the userName and tenantId provided in the request already exist, the user is modified with the provided values.
Example for the Update User request:
{
  "user": [
    {
      "enabled": true,
      "password": "testpassword",
      "tenantId": "testTenant",
      "userName": "testuser",
      "userRoles": [ "ROLE_ADMIN" ]
    }
  ]
}
Get User
This request is used to get the details of an existing user.
Method: HTTP GET method
Endpoint: http://<host_address>:<port_address>/v1/user
Parameter | Cardinality | Description
---|---|---
X-API-AppId | Mandatory | The application ID used for getting the user details. The default ID is auth.
X-API-Key | Mandatory | The key used for getting the user details. The default value is auth.
tenantId | Mandatory | The TENANT value as stored in the users table in the database.
userId | Mandatory | The username value as stored in the users table in the database.
Delete User
This request is used to delete an existing user.
Method: HTTP DELETE method
Endpoint: http://<host_address>:<port_address>/v1/user
Parameter | Cardinality | Description
---|---|---
X-API-AppId | Mandatory | The application ID used for getting user details. The default ID is auth.
X-API-Key | Mandatory | The key used for getting user details. The default value is auth.
userInfo (Body) | Mandatory | A list of records, each with the following fields.
userName | Mandatory | The user name to be deleted.
tenantId | Mandatory | The TENANT value as stored in the users table in the database.
Example for the Delete User request:
[
  {
    "userName": "testuser",
    "tenantId": "testTenant"
  }
]
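The following is an added example, not code from TIBCO or from this documentation: a small client that builds the Create, Update, Get and Delete User requests described above and validates each user record before anything is sent. It assumes that X-API-AppId and X-API-Key travel as HTTP headers (inferred from their names), that the Get User parameters travel as query parameters (the page does not say where they go), and that base_url, app_id and api_key are supplied by the caller; the request descriptions are plain dicts so the builders run offline, and send() is the only part that touches the network.

```python
import json
import urllib.parse
import urllib.request
from typing import Dict, Iterable, List, Optional, Tuple

VALID_ROLES = {"ROLE_ADMIN", "ROLE_USER"}   # the role values listed in the Update User table
MANDATORY = ("enabled", "password", "tenantId", "userName", "userRoles")
USER_PATH = "/v1/user"


def validate_user(user: Dict) -> List[str]:
    """Return the problems found in one user record (an empty list means it is OK).
    Checking client-side matters because an unknown tenantId does not fail:
    the service creates a new TENANT for it, so a typo silently creates a tenant."""
    problems = []
    for field in MANDATORY:
        if field not in user:
            problems.append(f"missing mandatory field {field}")
    if "enabled" in user and not isinstance(user["enabled"], bool):
        problems.append("enabled must be a JSON boolean, not a string")
    roles = user.get("userRoles")
    if not isinstance(roles, list) or not roles:
        problems.append("userRoles must be a non-empty list")
    else:
        problems += [f"unknown role {r}" for r in roles if r not in VALID_ROLES]
    return problems


def build_request(method: str, base_url: str, app_id: str, api_key: str,
                  body: Optional[object] = None) -> Dict:
    """Describe one /v1/user request as a plain dict: method, url, headers, body.
    X-API-AppId and X-API-Key are sent as HTTP headers (an assumption from their names)."""
    headers = {"X-API-AppId": app_id, "X-API-Key": api_key}
    encoded = None
    if body is not None:
        headers["Content-Type"] = "application/json"
        encoded = json.dumps(body)
    return {"method": method, "url": base_url + USER_PATH, "headers": headers, "body": encoded}


def upsert_users(users: List[Dict], base_url: str, app_id: str, api_key: str,
                 create_only: bool = False) -> Dict:
    """POST creates users only; PUT creates or updates. Both wrap the records in {"user": [...]}."""
    bad = {}
    for user in users:
        problems = validate_user(user)
        if problems:
            bad[user.get("userName", "<unnamed>")] = problems
    if bad:
        raise ValueError(f"invalid user records: {bad}")
    method = "POST" if create_only else "PUT"
    return build_request(method, base_url, app_id, api_key, {"user": users})


def get_user(base_url: str, app_id: str, api_key: str, tenant_id: str, user_id: str) -> Dict:
    """GET takes tenantId and userId; this example assumes they travel as query parameters
    (the page lists the parameters without stating where they go)."""
    req = build_request("GET", base_url, app_id, api_key)
    req["url"] += "?" + urllib.parse.urlencode({"tenantId": tenant_id, "userId": user_id})
    return req


def delete_users(pairs: Iterable[Tuple[str, str]], base_url: str, app_id: str, api_key: str) -> Dict:
    """DELETE takes a bare list of {"userName", "tenantId"} objects as the body."""
    body = [{"userName": name, "tenantId": tenant} for name, tenant in pairs]
    return build_request("DELETE", base_url, app_id, api_key, body)


def send(req: Dict, opener=urllib.request.urlopen) -> Tuple[int, str]:
    """Send a request dict. `opener` is injectable so callers can stub the network."""
    data = None if req["body"] is None else req["body"].encode("utf-8")
    http_req = urllib.request.Request(req["url"], data=data, headers=req["headers"],
                                      method=req["method"])
    with opener(http_req) as resp:
        return resp.status, resp.read().decode("utf-8")


if __name__ == "__main__":
    base = "http://localhost:8080"   # placeholder for http://<host_address>:<port_address>
    sample = {"enabled": True, "password": "testpassword", "tenantId": "testTenant",
              "userName": "testuser", "userRoles": ["ROLE_ADMIN"]}
    print(json.dumps(upsert_users([sample], base, "auth", "auth"), indent=2))
    print(json.dumps(delete_users([("testuser", "testTenant")], base, "auth", "auth"), indent=2))
```

Because validation happens before the request is built, a record with a misspelled role or a string "true" for enabled is rejected locally instead of reaching the server, and the same validate_user() check can be reused for the POST and PUT bodies since the page documents them with identical fields.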
Generating an authorization token
This token can be used to access operations of services such as the Catalog service, OPE endpoints service, Offer Search Indexing service, and Shopping Cart service. For the Configuration service and the Authorization service, a token is not required.
- Procedure
- To authorize a particular service, open the REST API home page of that service in a browser.
Note: If the enableSecureAPI value is set to false, authentication is bypassed and you do not have to authorize the service. For the REST services, the authorization token is then not required; however, you must still provide the tenantID.
- Click the Authorize button.
- Pass the following mandatory parameters:
Element Name | Element Type | Description
---|---|---
username | String | username@tenantId
password | String | Existing password
Client credentials location | Select | Authorization header or Request body, chosen from the drop-down options.
client_id | String | order-management-client
client_secret | String | order-management-secret
- Select the read and write check boxes as per the requirements and then click the Authorize button.
You can disable authorization by setting the value of the enableSecureAPI flag to false in the ConfigValues_Common.json file under the <OPE_HOME>/seed-data/app-properties directory, and then uploading the latest properties to the admin database. When enableSecureAPI is set to false, the auth service is not required for authenticating the other OPE services, but the configurator-ui service still needs the auth service to be functional in order to log in to the Configurator UI. For SOAP services, to call any OPE service for the non-default tenants, add a header with the tenant ID name and the value of the tenant ID.
Generating an authentication token through the REST endpoints
Perform the following procedure to generate the authentication token through the REST endpoints:
- Procedure
- To authorize a particular service, open the Postman client.
- On the Authorization tab, fill in the Username and Password fields and then click Send.
- On the Body tab, fill in the Username and Password fields and then click Send.
Authorization Token APIs
Generate Authorization Header
This request is used to generate the authorization header for the OAuth token endpoint.
Method: HTTP GET method
Endpoint: http://<host_address>:<port_address>/v1/generateAuthHeader
Parameter | Cardinality | Description
---|---|---
client_id | Mandatory | order-management-client
client_secret | Mandatory | order-management-secret
Generate OAuth Token
This request is used to generate the authorization OAuth token.
Method: HTTP POST method
Endpoint: http://<host_address>:<port_address>/oauth/token
Parameter | Cardinality | Description
---|---|---
grant_type | Mandatory | Either password or refresh_token.
scope | Mandatory | read, write, or 'read write'.
refresh_token | Required only when grant_type=refresh_token | The refresh token from a previously generated token.
username | Required only when grant_type=password | The user name.
password | Required only when grant_type=password | The user's password.
tenantId | Required only when grant_type=password | The tenant ID of the user.
Authorization | Mandatory | The authorization header for the OAuth token endpoint (see Generate Authorization Header).
Content-Type | Mandatory | The content type of the request body.
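The following is an added example, not code from TIBCO or from this documentation, covering both the Authorize-dialog procedure above and the Generate Authorization Header / Generate OAuth Token tables: it builds the password-grant and refresh-grant requests to /oauth/token and shows how a client decides when to use the refresh token. It assumes that the authorization header for the token endpoint is a standard HTTP Basic credential built from client_id:client_secret (the "Authorization header" option of the Authorize dialog), that the form is sent as application/x-www-form-urlencoded, and that the issued JWT carries the registered exp claim. The token produced by constructed_jwt() is a constructed demo artifact for the offline run, not a token issued by any server.

```python
import base64
import json
import time
import urllib.parse
from typing import Dict, Optional

TOKEN_PATH = "/oauth/token"
VALID_SCOPES = ("read", "write", "read write")   # the scope values listed in the table


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Assumed equivalent of the Generate Authorization Header endpoint: a standard
    HTTP Basic credential built from client_id:client_secret."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _token_request(base_url: str, client_id: str, client_secret: str,
                   form: Dict[str, str]) -> Dict:
    """Describe the POST to /oauth/token as a plain dict (method, url, headers, body)."""
    if form["scope"] not in VALID_SCOPES:
        raise ValueError("scope must be read, write or 'read write'")
    return {
        "method": "POST",
        "url": base_url + TOKEN_PATH,
        "headers": {
            "Authorization": basic_auth_header(client_id, client_secret),
            "Content-Type": "application/x-www-form-urlencoded",
        },
        "body": urllib.parse.urlencode(form),
    }


def password_grant(base_url: str, client_id: str, client_secret: str,
                   username: str, password: str, tenant_id: str,
                   scope: str = "read write") -> Dict:
    """grant_type=password needs username, password and tenantId.
    (The browser Authorize dialog takes the user as username@tenantId instead.)"""
    form = {"grant_type": "password", "scope": scope, "username": username,
            "password": password, "tenantId": tenant_id}
    return _token_request(base_url, client_id, client_secret, form)


def refresh_grant(base_url: str, client_id: str, client_secret: str,
                  refresh_token: str, scope: str = "read write") -> Dict:
    """grant_type=refresh_token needs only the refresh token, so a client that
    refreshes never has to keep the user's password around."""
    form = {"grant_type": "refresh_token", "scope": scope, "refresh_token": refresh_token}
    return _token_request(base_url, client_id, client_secret, form)


def jwt_claims(token: str) -> Dict:
    """Read the JWT payload WITHOUT verifying the signature. Fine for scheduling a
    refresh on the client; never use it for an access decision, because only the
    server's signature check establishes that the claims are genuine."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)   # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def needs_refresh(access_token: str, now: Optional[float] = None, skew: int = 60) -> bool:
    """True when the token has expired or will expire within `skew` seconds.
    A token without an exp claim is treated as needing re-authentication."""
    exp = jwt_claims(access_token).get("exp")
    if exp is None:
        return True
    current = time.time() if now is None else now
    return exp - current < skew


def constructed_jwt(claims: Dict) -> str:
    """Constructed demo token with a placeholder signature, for the offline run only;
    no server accepts it. Real tokens come from /oauth/token."""
    def part(obj: Dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode("utf-8")).decode("ascii").rstrip("=")
    return f"{part({'alg': 'HS256', 'typ': 'JWT'})}.{part(claims)}.placeholder-signature"


if __name__ == "__main__":
    base = "http://localhost:8080"   # placeholder for http://<host_address>:<port_address>
    req = password_grant(base, "order-management-client", "order-management-secret",
                         "testuser", "testpassword", "testTenant")
    print(json.dumps(req, indent=2))
    demo = constructed_jwt({"sub": "testuser", "tenantId": "testTenant",
                            "exp": int(time.time()) + 30})
    print("refresh now?", needs_refresh(demo))
```

The point of needs_refresh() is that a client checks the expiry it already has in hand and switches to refresh_grant() a little before the deadline, rather than re-sending the user's password each time; the unverified decode is only ever used for that scheduling decision, and the server still validates the signature on every call.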