
Platform API Authentication (JWT)

The vitalera REST API uses JWT (JSON Web Token) authentication based on the OAuth 2.0 standard.

Obtaining Credentials

Contact support@vitalera.io to request:

  • Client ID: identifies your application
  • Client Secret: authenticates your application
  • Application ID: used for credential rotation

Client Credentials Grant

For server-to-server (machine-to-machine) integrations:

curl -X POST "https://api.vitalera.io/api/auth/tokens/" \
-H "Content-Type: application/json" \
-d '{
"grant_type": "client_credentials",
"client_id": "<CLIENT_ID>",
"client_secret": "<CLIENT_SECRET>"
}'

Response:

{
"access_token": "<ACCESS_TOKEN>",
"token_type": "Bearer",
"expires_in": 3600
}

Password Grant

For user login flows (e.g. mobile or web apps that authenticate individual users):

curl -X POST "https://api.vitalera.io/api/auth/tokens/" \
-H "Content-Type: application/json" \
-d '{
"grant_type": "password",
"username": "<USERNAME>",
"password": "<PASSWORD>"
}'

Response:

{
"id_token": "<ID_TOKEN>",
"access_token": "<ACCESS_TOKEN>",
"refresh_token": "<REFRESH_TOKEN>",
"sub": "<USER_ID>"
}

Making API Calls

Include the access token in the Authorization header of every request:

curl -X GET "https://api.vitalera.io/api/plans/" \
-H "Authorization: Bearer <ACCESS_TOKEN>"

Token Validity

Access tokens are valid for 1 hour (3600 seconds). When a token expires, the API returns HTTP 401 Unauthorized:

{
"errors": [
{
"errorType": "expired_token",
"message": "Access token expired"
}
]
}
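
For a server-to-server integration, the client credentials grant and the expiry behaviour above combine into a small token cache that renews shortly before `expires_in` elapses and once more if the API answers 401 with `expired_token`. This is an added example, not vitalera's own code; the `TokenClient` class, the 60-second skew, the environment variable names and the assumption that the token endpoint answers with a 2xx status are all hypothetical.

```python
import json, os, time, urllib.error, urllib.request

BASE = "https://api.vitalera.io"

def http_json(method, url, headers, body=None):
    """Default transport: returns (status, parsed JSON body)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method,
                                 headers={"Content-Type": "application/json", **headers})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, json.loads(resp.read() or b"{}")
    except urllib.error.HTTPError as err:
        return err.code, json.loads(err.read() or b"{}")

class TokenClient:
    """Caches the client-credentials token; renews before and after expiry."""
    def __init__(self, client_id, client_secret, transport=http_json,
                 clock=time.monotonic, skew=60):
        self._creds = {"grant_type": "client_credentials",
                       "client_id": client_id, "client_secret": client_secret}
        self._transport, self._clock, self._skew = transport, clock, skew
        self._token, self._expires_at = None, 0.0

    def _fetch_token(self):
        status, body = self._transport("POST", f"{BASE}/api/auth/tokens/", {}, self._creds)
        if not 200 <= status < 300 or "access_token" not in body:
            # Report only the status: the request body holds the client secret.
            raise RuntimeError(f"token request failed with HTTP {status}")
        self._token = body["access_token"]
        self._expires_at = self._clock() + body.get("expires_in", 3600) - self._skew

    def request(self, method, path, body=None):
        if self._token is None or self._clock() >= self._expires_at:
            self._fetch_token()  # proactive renewal, skew seconds early
        for attempt in range(2):
            status, resp = self._transport(
                method, BASE + path, {"Authorization": f"Bearer {self._token}"}, body)
            errors = resp.get("errors", []) if isinstance(resp, dict) else []
            expired = status == 401 and any(
                e.get("errorType") == "expired_token" for e in errors)
            if not expired or attempt == 1:
                return status, resp
            self._fetch_token()  # server says expired: renew once, then retry

if __name__ == "__main__":
    # Assumed variable names; keep the secret out of source code and logs.
    client = TokenClient(os.environ["VITALERA_CLIENT_ID"], os.environ["VITALERA_CLIENT_SECRET"])
    print(client.request("GET", "/api/plans/")[0])
```

The retry is limited to a single renewal so that a 401 caused by revoked or rotated credentials surfaces to the caller instead of looping.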

Token Refresh

If you received a refresh token (via the password grant), you can renew your access token without re-authenticating:

curl -X POST "https://api.vitalera.io/api/auth/tokens/refresh/" \
-H "Content-Type: application/json" \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
-d '{
"refresh_token": "<REFRESH_TOKEN>"
}'

Token Validation

Verify that a token is still valid:

curl -X GET "https://api.vitalera.io/api/auth/tokens/validate/" \
-H "Authorization: Bearer <ACCESS_TOKEN>"

Credential Rotation

For security, rotate your client credentials regularly. This requires a valid JWT and the application_id:

curl -X POST "https://api.vitalera.io/api/applications/rotate_credentials/" \
-H "Authorization: Bearer <ACCESS_TOKEN>" \
-H "Content-Type: application/json" \
-d '{
"application_id": "<APPLICATION_ID>"
}'

Response:

{
"id": "<APPLICATION_ID>",
"name": "TestApp",
"organization": "123",
"client_id": "<NEW_CLIENT_ID>",
"client_secret": "<NEW_CLIENT_SECRET>",
"application_types": ["API"]
}

After rotation, the previous credentials are invalidated immediately.


Need help?

Contact support@vitalera.io for assistance with authentication configuration.