Api Authentication

Authenticate API call from Ideabiz

When authentication API call, Ideabiz use Authorization header. If each and every API call is authorized, it will pass onto the original endpoint. You can use the header X-JWT-Assertion to identify each request. this header will be appended by Ideabiz to all api call requests.

Other than that, you can also have any headers except Authorization

IP Validation

Source IP : 202.69.200.34

Reading API call information

All requests contains the header X-JWT-Assertion

it looks like

eyJ0eXAiOiJKV1QiLCJhbGciOiJub25lIn0=.eyJpc3MiOiJ3c28yLm9yZy9wcm9kdWN0cy9hbSIsImV4cCI6MTQzMzY1MzA2MzcwNSwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9zdWJzY3JpYmVyIjoiYWRtaW4iLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2FwcGxpY2F0aW9uaWQiOiI0MiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb25uYW1lIjoiQXBwbGljYXRpb24gMyIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvYXBwbGljYXRpb250aWVyIjoiVW5saW1pdGVkIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9hcGljb250ZXh0IjoiL3Ntc21lc3NhZ2luZyIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdmVyc2lvbiI6IjEiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL3RpZXIiOiI2MDAwVFBNIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9rZXl0eXBlIjoiUFJPRFVDVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvdXNlcnR5cGUiOiJBUFBMSUNBVElPTiIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlciI6ImFub255bW91cyIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZW5kdXNlclRlbmFudElkIjoiLTEyMzQiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL2VtYWlsYWRkcmVzcyI6ImluZm9AaWRlYWJpei5sayIsImh0dHA6Ly93c28yLm9yZy9jbGFpbXMvZ2l2ZW5uYW1lIjoiRGlhbG9nIiwiaHR0cDovL3dzbzIub3JnL2NsYWltcy9sYXN0bmFtZSI6IklkZWFCaXoiLCJodHRwOi8vd3NvMi5vcmcvY2xhaW1zL3JvbGUiOiJhZG1pbixJbnRlcm5hbC9zdWJzY3JpYmVyIn0=.

Split this text by ".". and get 2nd part. then decode it using base 64

Then you can get JSON object (refer below)

{
  "iss": "wso2.org/products/am",
  "exp": 1433653063705,
  "http://wso2.org/claims/subscriber": "admin",
  "http://wso2.org/claims/applicationid": "42",
  "http://wso2.org/claims/applicationname": "Application 3",
  "http://wso2.org/claims/applicationtier": "Unlimited",
  "http://wso2.org/claims/apicontext": "/smsmessaging",
  "http://wso2.org/claims/version": "1",
  "http://wso2.org/claims/tier": "6000TPM",
  "http://wso2.org/claims/keytype": "PRODUCTION",
  "http://wso2.org/claims/usertype": "APPLICATION",
  "http://wso2.org/claims/enduser": "anonymous",
  "http://wso2.org/claims/enduserTenantId": "-1234",
  "http://wso2.org/claims/emailaddress": "info@ideabiz.lk",
  "http://wso2.org/claims/givenname": "Dialog",
  "http://wso2.org/claims/lastname": "IdeaBiz",
  "http://wso2.org/claims/role": "admin,Internal/subscriber"
}

So you can use this json object to authenticate API calls thats coming from Ideabiz to your API. and also you can verify source using above source IP. Use applicationId and applicationname to identify each and apps

Last updated on 14th Oct 2019