Authorization Service
Access to the rendering REST API requires a valid JWT (JSON web token) which is sent in the Authorization header of each request. This is an example:
Authorization: Bearer eyJmb28iOiJiYXIifQ==
Tokens are acquired from the /auth/{tenant}/tokens endpoint in the typical style of OAuth2 password authentication.
The root URI is
https://api.priintcloud.com/auth
The URI pattern is
/auth/{tenant}/tokens
Required Headers
| Header | Value | Description |
|---|---|---|
| Content-Type | application/x-www-form-urlencoded | Must be form-urlencoded, Other variants are not supported. |
| Accept | application/json | Result is always be reported as JSON |
Required Form Fields
| Form-Parameter | Description |
|---|---|
| username | Username as provided by priint cloud |
| password | Password as provided by priint cloud |
| project | The project you want to get a token for |
| scope | A scope name - either jobs for rendering or admin for using the repository or statistics endpoint |
Example
Here is an example transaction to exchange username and password with a scoped token.
Authorization Request
> POST /auth/example.com/tokens
> Host: api.priintcloud.com
> Content-Type: application/x-www-form-urlencoded
> Accept: application/json
>
> username=priintcloud-worker&password=S*meS*cr*tCh*rs&scope=jobs&project=datasheets-1
Authorization Response with token
200 OK
Content-Type: application/json
{
"token_type": "bearer",
"access_token": "eyJmb28iOiJiYXIifQ==",
"expires_in": 86400,
"scope": "jobs"
}
For the rendering integration the scope is always jobs. The jobs scope allows to trigger rendering jobs and to download the generated artifacts. Other scopes for adding/modifying configurations, adding users etc. are out of scope of the current document.
OpenAPI
Our authentication API is described via OpenAPI. There is a Swagger UI available to visualize the OpenAPI doc.