Authentication
In order for a Third Party System to access CRM.COM, authentication must be acquired before performing any logical unit of work. This can be accomplished by using one of two methods: Web API Keys or Username & Password.
...
- Header
  - typ: The type of the token, which is JWT
  - alg: The hashing algorithm being used, which is HS256
- Payload: contains the claims, which are statements about the user and additional metadata.
  - jti: The ID of the user session as generated by CRM.COM
  - usr: The username of the logged in user
  - org: The name of the organisation that the user logged in to
  - oun: The name of the unit that the user logged in to
  - exp: The expiration time on or after which the JWT becomes invalid and should not be accepted for processing.
  - iat: The time at which the JWT was issued
- Signature: is used to verify that the sender of the JWT is who it says it is and to ensure that the message wasn't changed along the way. The signature is created by encoding the header and payload and signing them using a secret and the HS256 algorithm.
...
- encoded header + '.' + encoded payload + '.' + encoded signature
How to Authenticate with Web API Key Method
This is the recommended method of authentication. Web API Keys are assigned to specific users in order to access a specific organisation and can be used to authenticate users through the Web API, resulting in an authentication token that can subsequently be used by other Web API calls.
...
```json
{ "unit": "unit" }
```
Note that the unit parameter is optional. If not specified then the default unit of the user that is represented by the specified Web API key will be used.
How to Authenticate with Username & Password Method
Use the POST authentication/token method (by providing a username and password).
...
```json
{ "username": "username", "password": "1234", "organisation": "organisation", "unit": "unit" }
```
How to Refresh Authentication Token
Among the parameters passed to JWT authorisation through the payload section, the "exp" parameter sets the expiration time on or after which the JWT becomes invalid and should not be accepted for processing.
...