All Downloads are FREE. Search and download functionalities are using the official Maven repository.

20_10_0_LOCAL.authenticator-api-public-deprecated.yaml Maven / Gradle / Ivy

There is a newer version: 8.0.5
Show newest version
swagger: '2.0'
info:
  version: '20.10.0'
  title: Authenticator API
  description: |
    For bots and other on-premise processes to authenticate. Once
    authenticated, the bot will be able to use the methods described in
    serviceAPI.yaml and agentAPI.yaml.

    Connections to the servers will be over
    client authenticated TLS, the servers for this API will perform the
    authentication by inspecting the certificate presented by the
    SSLSocketClient.

    There will be two implementations of this API, one on your Pod
    and one on the Key Manager. In order to fully authenticate,
    an API client will have to call both of these implementations
    and pass both of the session tokens returned as headers in all
    subsequent requests to the Symphony API.
paths:
  '/v1/authenticate':
    post:
      summary: Authenticate.
      description: |
        Based on the SSL client certificate presented by the TLS layer, authenticate
        the API caller and return a session token.
      produces:
        - application/json
      tags:
        - CertificateAuthentication
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/Token'
        '400':
          description: 'Client error.'
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: 'Forbidden: Certificate authentication is not allowed for the requested user.'
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: 'Server error, see response body for further details.'
          schema:
            $ref: '#/definitions/Error'
  '/v1/authenticate/extensionApp':
    post:
      summary: Authenticate a client-extension application
      description: |
        Based on the application's SSL client certificate presented by the TLS layer, it authenticates the client-extension
        application and return a symphony verification token.
      consumes:
        - application/json
      produces:
        - application/json
      tags:
        - CertificateAuthentication
      parameters:
        - name: authRequest
          description: application generated token
          in: body
          required: true
          schema:
            $ref: '#/definitions/ExtensionAppAuthenticateRequest'
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/ExtensionAppTokens'
        '400':
          description: 'Request object is invalid'
          schema:
            $ref: '#/definitions/Error'
        '401':
          description: 'Client is unauthorized to access this resource'
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: 'Forbidden to access this endpoint .'
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: 'Server error, see response body for further details.'
          schema:
            $ref: '#/definitions/Error'
  '/v1/app/pod/certificate':
    get:
      summary: |
        Retrieve the certificate that can be use to validate the JWT token obtain
        through the extension application authentication flow.
      produces:
        - application/json
      tags:
        - CertificatePod
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/PodCertificate'
        '401':
          description: 'Client is unauthorized to access this resource'
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: 'Server error, see response body for further details.'
          schema:
            $ref: '#/definitions/Error'
  '/v1/app/authenticate':
    post:
      summary: PROVISIONAL - Authenticate an application in a delegated context.
      description: |
        Based on the SSL client certificate presented by the TLS layer, authenticate
        the API caller and return an application session.
      produces:
        - application/json
      tags:
        - CertificateAuthentication
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/Token'
        '400':
          description: 'Client error.'
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: 'Forbidden: Certificate authentication is not allowed for the requested user.'
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: 'Server error, see response body for further details.'
          schema:
            $ref: '#/definitions/Error'
  '/v1/app/user/{uid}/authenticate':
    post:
      summary: PROVISIONAL - Authenicate an application in a delegated context to act on behalf of a user
      parameters:
        - name: uid
          description: user id
          in: path
          required: true
          type: integer
          format: int64
        - name: sessionToken
          description: Authorization token obtains from app/authenicate API
          in: header
          required: true
          type: string
      produces:
        - application/json
      tags:
        - CertificateAuthentication
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/OboAuthResponse'
        '400':
          description: 'Client error.'
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: 'Forbidden: Certificate authentication is not allowed for the requested user.'
          schema:
            $ref: '#/definitions/Error'
        '404':
          description: 'User id not found'
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: 'Server error, see response body for further details.'
          schema:
            $ref: '#/definitions/Error'
  '/v1/app/username/{username}/authenticate':
    post:
      summary: PROVISIONAL - Authenicate an application in a delegated context to act on behalf of a user
      parameters:
        - name: username
          description: username
          in: path
          required: true
          type: string
        - name: sessionToken
          description: Authorization token obtains from app/authenicate API
          in: header
          required: true
          type: string
      produces:
        - application/json
      tags:
        - Authentication
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/OboAuthResponse'
        '400':
          description: 'Client error.'
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: 'Forbidden: Certificate authentication is not allowed for the requested user.'
          schema:
            $ref: '#/definitions/Error'
        '404':
          description: 'Username not found'
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: 'Server error, see response body for further details.'
          schema:
            $ref: '#/definitions/Error'
  '/v1/logout':
    post:
      summary: Logout.
      description: |
        Logout a users session.
      parameters:
        - name: sessionToken
          description: the session token to logout.
          in: header
          required: true
          type: string
      produces:
        - application/json
      tags:
        - CertificateAuthentication
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/Token'
        '400':
          description: 'Client error.'
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: 'Forbidden: Certificate authentication is not allowed for the requested user.'
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: 'Server error, see response body for further details.'
          schema:
            $ref: '#/definitions/Error'

#
# Deprecated paths
#

definitions:
  Error:
    type: object
    properties:
      code:
        type: integer
        format: int32
      message:
        type: string
  Token:
    type: object
    properties:
      name:
        description: |
          The name of the header in which the token should be presented on subsequent
          API calls.
        type: string
      token:
        type: string
        description: |
          The token which should be passed. This should be considered opaque data by
          the client. It is not intended to conatain any data interpretable by the
          client. The format is secret and subject to change without notice.
  ExtensionAppAuthenticateRequest:
    type: object
    description: Request body for extension app authentication
    properties:
      appToken:
        type: string
        description: application generated token
  ExtensionAppTokens:
    type: object
    properties:
      appId:
        description: Application ID
        type: string
      appToken:
        description: |
          This token generated by the application when calling authentication endpoint
        type: string
      symphonyToken:
        type: string
        description: |
          This token generated by Symphony and should be used by the application to verify that it's talking to Symphony.
      expireAt:
        type: integer
        format: int64
        description: unix timestamp when the token expired
  OboAuthResponse:
    type: object
    properties:
      sessionToken:
        type: string
        description: |
          The token which should be passed. This should be considered opaque data by
          the client. It is not intended to conatain any data interpretable by the
          client. The format is secret and subject to change without notice.
  PodCertificate:
    type: object
    properties:
      certificate:
        description: Certificate in PEM format
        type: string

#
# Deprecated definitions
#





© 2015 - 2025 Weber Informatics LLC | Privacy Policy