Authorization Service

Token-based authentication is implemented in TIBCO Offer and Price Engine to ensure secure access to the TIBCO Offer and Price Engine Server REST APIs and to support multitenancy. The authentication service in TIBCO Offer and Price Engine uses JSON Web Token (JWT) to validate user credentials (user name, password, and tenantID).

The following functions are covered under the Authorization Service:

Create User

This request is used to create a new user.

Method: HTTP POST method

Endpoint: http://<host_address>:<port_address>/v1/user

Create User Parameters

Parameter         Cardinality  Description
X-API-AppId       Mandatory    The application ID used for getting user details. The default ID is auth.
X-API-Key         Mandatory    The key used for getting user details. The default value is auth.
userInfo (Body):
  enabled         Mandatory    true or false. true makes the user accessible through the Configurator UI; false disables the user.
  password        Mandatory    The password to be used for the user.
  tenantId        Mandatory    The TENANT value as stored in the users table in the database. If the tenantId is not present in the database, a new TENANT is created.
  userName        Mandatory    The user name to be created or modified.
  userRoles       Mandatory    Assigns the role to the user. The default valid role values are ROLE_ADMIN and ROLE_USER. You can override the default roles if required.

Note: If the userName and tenantId provided in the request already exist, then the user is modified with the provided values.

Example for the Create and Modify User request:

{
	"user": [
	{
		"enabled": true,
		"password": "testpassword",
		"tenantId": "testTenant",
		"userName": "testuser",
		"userRoles": [
		"ROLE_ADMIN"
		]
	} 
	]
}

Update User

This request is used to create a new user or update the existing one.

Method: HTTP PUT method

Endpoint: http://<host_address>:<port_address>/v1/user

Update User Parameters

Parameter         Cardinality  Description
X-API-AppId       Mandatory    The application ID used for getting user details. The default ID is auth.
X-API-Key         Mandatory    The key used for getting user details. The default value is auth.
userInfo (Body):
  enabled         Mandatory    true or false. true makes the user accessible through the Configurator UI; false disables the user.
  password        Mandatory    The password to be used for the user.
  tenantId        Mandatory    The TENANT value as stored in the users table in the database. If the tenantId is not present in the database, a new TENANT is created.
  userName        Mandatory    The user name to be created or modified.
  userRoles       Mandatory    Assigns the role to the user. The valid role values are ROLE_ADMIN and ROLE_USER.

Note: If the userName and tenantId provided in the request already exist, then the user is modified with the provided values.

Example for the Update User request:

{
	"user": [
	{
		"enabled": true,
		"password": "testpassword",
		"tenantId": "testTenant",
		"userName": "testuser",
		"userRoles": [
		"ROLE_ADMIN"
		]
	} 
	]
}

Get User

This request is used to get the details of the existing user.

Method: HTTP GET method

Endpoint: http://<host_address>:<port_address>/v1/user

Get User Parameters

Parameter         Cardinality  Description
X-API-AppId       Mandatory    The application ID used for getting the user details. The default ID is auth.
X-API-Key         Mandatory    The key used for getting the user details. The default value is auth.
tenantId          Mandatory    The TENANT value as stored in the users table in the database.
userId            Mandatory    The username value as stored in the users table in the database.

Delete User

This request is used to delete the existing user.

Method: HTTP DELETE method

Endpoint: http://<host_address>:<port_address>/v1/user

Delete User Parameters

Parameter         Cardinality  Description
X-API-AppId       Mandatory    The application ID used for getting user details. The default ID is auth.
X-API-Key         Mandatory    The key used for getting user details. The default value is auth.
userInfo (Body):
  userName        Mandatory    The user name to be deleted.
  tenantId        Mandatory    The tenant value as stored in the users table in the database.

Example for Delete User request:

[
  {
    "userName": "testuser",
    "tenantId": "testTenant"
  }
]

Generating an authorization token

This token can be used to access operations of the services such as Catalog service, OPE endpoints service, Offer Search Indexing service, and Shopping Cart service. For the Configuration service and Authorization service, a token is not required.

Procedure

1. To authorize a particular service, open the REST API home page of that service in a browser.
   Note: If the enableSecureAPI value is set to false, authentication is bypassed and you do not have to authorize the service. For the REST services, the authorization token is not required; however, you must provide the tenantID.
2. Click the Authorize button.
3. The Available authorizations window opens.
4. Pass the following mandatory parameters:

   Authorization parameters and description

   Element Name                 Element Type  Description
   username                     String        username@tenantId
   password                     String        Existing password
   Client credentials location  Drop-down     Select Authorization header or Request body from the drop-down options.
   client_id                    String        order-management-client
   client_secret                String        order-management-secret

5. Select the read and write check boxes as per the requirements and then click the Authorize button.

Result: An authorization token is generated for the particular service. This token is unique and valid only for the dedicated user with tenant ID. The access token comes with an expiry.
Note: You can disable authorization by setting the value of the enableSecureAPI flag to false in the ConfigValues_Common.json file under the <OPE_HOME>/seed-data/app-properties directory, and uploading the latest properties to the admin database.

When enableSecureAPI is set to false, the other OPE services do not require the auth service for authentication, but the configurator-ui service still needs the auth service to be running in order to log in to the Configurator UI.

For SOAP services, to call any OPE service for a non-default tenant, add a header whose name is the tenant ID name and whose value is the tenant ID.

Generating an authentication token through the REST endpoints

Perform the following procedure to generate the authentication token through the REST endpoints:

Procedure

1. To authorize a particular service, open the Postman client.
2. On the Authorization tab, fill in the Username and Password fields and then click Send.
3. On the Body tab, fill in the Username and Password fields and then click Send.

Result: An authorization token is generated for the particular service. This token is unique and valid only for the dedicated user with a tenant ID. The access token is valid for a limited period.

Authorization Token APIs

Generate Authorization Header

This request is used to generate the authorization header for the OAuth token endpoint.

Method: HTTP GET method

Endpoint: http://<host_address>:<port_address>/v1/generateAuthHeader

Generate Authorization Header Parameters

Parameter         Cardinality  Description
client_id         Mandatory    order-management-client
client_secret     Mandatory    order-management-secret

Generate OAuth Token

This request is used to generate an OAuth authorization token.

Method: HTTP POST method

Endpoint: http://<host_address>:<port_address>/oauth/token

Generate OAuth Token Parameters

Parameter         Cardinality  Description
grant_type        Mandatory    password or refresh_token.
scope             Mandatory    read, write, or 'read write'.
refresh_token     Conditional  Refresh token from a previously generated token. Required only when grant_type=refresh_token.
username          Conditional  Required only when grant_type=password.
password          Conditional  Required only when grant_type=password.
tenantId          Conditional  Required only when grant_type=password.
Authorization     Mandatory    The authorization header value for the token endpoint (see Generate Authorization Header).
Content-Type      Mandatory
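The token request assembled from the two tables above (the authorization header built from client_id and client_secret, then the form for the password and refresh_token grants), as an added Python example rather than code from TIBCO or the product. It assumes HTTP Basic client authentication and a form-encoded body, neither of which the page states, and a host/port of localhost:8080.

```python
"""Helpers for the OPE /oauth/token endpoint (added example, not TIBCO code).
Assumed, not stated on the page: the client authenticates with HTTP Basic over
client_id:client_secret (standard OAuth 2.0) and the body is form-encoded."""
import base64
import urllib.parse
import urllib.request

VALID_SCOPES = {"read", "write", "read write"}  # scope row of the parameter table
CLIENT_ID = "order-management-client"            # client_id from the page
CLIENT_SECRET = "order-management-secret"        # client_secret from the page


def basic_auth_header(client_id: str, client_secret: str) -> str:
    """Build the Authorization header value (assumed HTTP Basic)."""
    raw = f"{client_id}:{client_secret}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def _check_scope(scope: str) -> None:
    if scope not in VALID_SCOPES:
        raise ValueError(f"scope must be one of {sorted(VALID_SCOPES)}, got {scope!r}")


def password_grant(username: str, password: str, tenant_id: str, scope: str) -> dict:
    """Form fields for grant_type=password: username, password and tenantId are required."""
    _check_scope(scope)
    if not (username and password and tenant_id):
        raise ValueError("username, password and tenantId are required for grant_type=password")
    return {"grant_type": "password", "scope": scope, "username": username,
            "password": password, "tenantId": tenant_id}


def refresh_grant(refresh_token: str, scope: str) -> dict:
    """Form fields for grant_type=refresh_token: only the earlier refresh token is required."""
    _check_scope(scope)
    if not refresh_token:
        raise ValueError("refresh_token is required for grant_type=refresh_token")
    return {"grant_type": "refresh_token", "scope": scope, "refresh_token": refresh_token}


def token_request(host: str, port: int, form: dict, client_id: str = CLIENT_ID,
                  client_secret: str = CLIENT_SECRET) -> urllib.request.Request:
    """Assemble the POST to /oauth/token; the caller sends it with urllib.request.urlopen."""
    url = f"http://{host}:{port}/oauth/token"
    headers = {"Authorization": basic_auth_header(client_id, client_secret),
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urllib.parse.urlencode(form).encode("ascii")
    return urllib.request.Request(url, data=body, headers=headers, method="POST")
```

The returned Request is not sent, so the same code can be used to inspect exactly what would leave the client before pointing it at a real host.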