Users can interface with the platform through public-facing APIs.
To use this feature, a user with API-specific access permissions needs to be created. Once access is provided, this user will have the permissions needed to integrate your company applications with SecurityPro APIs.
Creating API only user:
- If you are a Customer/Company admin, you can create an API only user using the same process as in Adding a user, but with the role “API Only”.
- On first access of the invite link sent by the admin, the user will be prompted for a password reset.
- On resetting password, a link will appear for the user to navigate to SecurityPro “API Only” user dashboard.
API only user dashboard:
- The API only user dashboard provides the credentials (Client ID and Client Secret) that allow the corresponding company to access SecurityPro APIs.
- The user dashboard also provides an option to regenerate the Client Secret, which supports periodic rotation of the Client Secret.
Note: As a security measure, rotating the Client Secret once a month/quarter is recommended.
API Swagger documentation:
The API Swagger documentation can be found at this URL: https://securitypro.korewireless.com/ddapp/api/swagger-ui.html
Invoke SecurityPro APIs using Postman:
- Get Access & Refresh token by providing OAuth2.0 Client ID & Client Secret.
Method : POST
URL : https://login.korewireless.com/auth/realms/device-defense/protocol/openid-connect/token
Authorization Tab
Type : Basic Auth
Username : Basic
Password : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (Client Secret)
Body Tab
Select x-www-form-urlencoded
KEY : client_id, VALUE : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (Client Id)
KEY : grant_type, VALUE : client_credentials
- Invoke SecurityPro APIs by providing OAuth2.0 Access Token
Method : GET | POST | PUT | DELETE
URL : https://securitypro.korewireless.com/ddapp/api/groups/byCompany/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (Client Id)
Authorization Tab
Type : Bearer Token
Token : <Access Token>
Headers Tab
KEY : X-dd-companyId, VALUE : xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (Client Id)
Note: Client Id and Company Id are used interchangeably here. The OAuth2.0 protocol uses the term “Client Id”, while the SecurityPro API refers to this data as “Company Id”.
IMPORTANT :
Authentication and authorization of SecurityPro APIs are based on OAuth2.0/OIDC access and refresh tokens that need to be passed along with resource endpoints to receive data back from SecurityPro. Please note that the Client Secret must be stored on the server side of your company applications and must not be sent to browser applications or to mobile applications that run on mobile devices. However, the OAuth 2.0 access token can be sent to browser or mobile applications, so those applications can invoke SecurityPro APIs directly. On token expiry, invoke your server component to get another valid access token.
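
The server component described above could look like the following sketch. It is an added example, not SecurityPro code. The token request mirrors the Postman settings on this page, and the `TokenBroker` class, its `send`/`clock`/`skew` parameters and the 30-second refresh margin are assumptions, as is relying on the standard OAuth 2.0 `access_token` and `expires_in` response fields.

```python
import base64, json, time, urllib.parse, urllib.request

TOKEN_URL = "https://login.korewireless.com/auth/realms/device-defense/protocol/openid-connect/token"
API_BASE = "https://securitypro.korewireless.com/ddapp/api"

def build_token_request(client_id, client_secret):
    """Token request mirroring the Postman settings on this page."""
    # Basic Auth: username "Basic", password = Client Secret (as in the steps above).
    basic = base64.b64encode(f"Basic:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"client_id": client_id, "grant_type": "client_credentials"}).encode()
    return urllib.request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Authorization": f"Basic {basic}",
        "Content-Type": "application/x-www-form-urlencoded"})

def http_send(req):
    """Default transport: perform the request and parse the JSON reply."""
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenBroker:
    """Hypothetical server-side holder of the Client Secret.

    Callers (including browser or mobile front ends) only ever receive the
    access token; the secret never leaves this object.
    """
    def __init__(self, client_id, client_secret, send=http_send,
                 clock=time.time, skew=30):
        self._id, self._secret = client_id, client_secret
        self._send, self._clock, self._skew = send, clock, skew
        self._token, self._expires_at = None, 0.0

    def get_access_token(self):
        # Reuse the cached token until `skew` seconds before it expires.
        if self._token is None or self._clock() >= self._expires_at - self._skew:
            reply = self._send(build_token_request(self._id, self._secret))
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 0))
        return self._token

def build_api_request(access_token, company_id):
    """GET groups/byCompany/<id> with the bearer token and company header."""
    return urllib.request.Request(
        f"{API_BASE}/groups/byCompany/{company_id}", method="GET", headers={
            "Authorization": f"Bearer {access_token}",
            "X-dd-companyId": company_id})
```

Load the Client Secret from your server's secret store when constructing the broker, and construct a new broker after regenerating the secret on the dashboard.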