App tokens

Learn about how app tokens work.

In the Unifize platform, token generation adheres to the two-legged OAuth2.0 protocol, which is particularly useful for applications needing to authenticate and authorize without direct user involvement.

Creating an app

The process kicks off with a developer creating an app within the Unifize environment. Upon successful creation, the developer is provided with two crucial pieces of information: an app id and a private key. These elements are fundamental to the token generation process, which forms the backbone of secure communication between the app and Unifize's APIs.

Crafting token request JWT

The next step involves constructing a JSON Web Token (JWT), which serves as the vehicle for requesting an access token. Within this JWT, three essential claims are defined.

  • The iss claim represents the app id, uniquely identifying the app making the request.

  • The iat claim specifies the issued-at timestamp, reflecting the current time in seconds based on Coordinated Universal Time (UTC).

  • The exp claim indicates the expiration of the token, set to the value of iat plus 600 seconds, establishing a 10-minute validity window.

The JWT must be signed using the RS256 algorithm (an RSA signature over a SHA-256 digest), which relies on the app's private key. This cryptographic signature validates the authenticity of the request: only the holder of the private key issued at app creation can produce it.

Requesting a token

Having constructed and signed the JWT, the application proceeds to the token request phase. This involves making a POST request to the /application/token endpoint, accompanied by an Authorization header populated with the value Bearer <JWT>. This header encapsulates the JWT, signaling to the server that the request is made on behalf of a trusted entity.

Upon successful validation, the server responds with an access token and its associated expiration timestamp. This access token acts as a digital key, enabling the application to perform authorized actions on the Unifize platform.

Consequently, the application can now interact with various APIs by including the Authorization header, formatted as Bearer <access_token>, to authenticate each request seamlessly.
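The steps above, worked through end to end as an added example (this is not Unifize's own SDK or server code). It builds the three-claim JWT, signs it with RS256 exactly as the text describes, and also shows the checks the token endpoint has to perform before issuing an access token: the alg is pinned to RS256, the signature is verified under the app's public key, and the request time must fall inside the 10-minute iat/exp window. The app id "example-app-id" and the freshly generated RSA key are stand-ins for the values a developer receives at app creation; the real private key would be loaded from wherever it was stored.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"strings"
	"time"
)

// TokenRequestClaims holds the three claims the token request JWT must carry.
type TokenRequestClaims struct {
	Iss string `json:"iss"` // app id
	Iat int64  `json:"iat"` // issued-at, UTC seconds
	Exp int64  `json:"exp"` // iat + 600
}

func b64url(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

// BuildTokenRequestJWT produces the RS256-signed JWT for appID, issued at now.
func BuildTokenRequestJWT(appID string, priv *rsa.PrivateKey, now time.Time) (string, error) {
	header, err := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT"})
	if err != nil {
		return "", err
	}
	iat := now.UTC().Unix()
	claims, err := json.Marshal(TokenRequestClaims{Iss: appID, Iat: iat, Exp: iat + 600})
	if err != nil {
		return "", err
	}
	signingInput := b64url(header) + "." + b64url(claims)
	digest := sha256.Sum256([]byte(signingInput)) // RS256 = RSASSA-PKCS1-v1_5 over SHA-256
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return signingInput + "." + b64url(sig), nil
}

// VerifyTokenRequestJWT mirrors what the token endpoint must check before it
// issues an access token: alg is exactly RS256, the signature verifies under
// the app's public key, and now lies inside [iat, exp) with exp-iat <= 600.
func VerifyTokenRequestJWT(token string, pub *rsa.PublicKey, now time.Time) (*TokenRequestClaims, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, errors.New("malformed JWT")
	}
	rawHeader, err1 := base64.RawURLEncoding.DecodeString(parts[0])
	rawClaims, err2 := base64.RawURLEncoding.DecodeString(parts[1])
	sig, err3 := base64.RawURLEncoding.DecodeString(parts[2])
	if err1 != nil || err2 != nil || err3 != nil {
		return nil, errors.New("JWT segments are not valid base64url")
	}
	var header struct {
		Alg string `json:"alg"`
	}
	if err := json.Unmarshal(rawHeader, &header); err != nil {
		return nil, err
	}
	if header.Alg != "RS256" { // never let the token pick a weaker or symmetric alg
		return nil, fmt.Errorf("unexpected alg %q", header.Alg)
	}
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err := rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig); err != nil {
		return nil, errors.New("bad signature")
	}
	var claims TokenRequestClaims
	if err := json.Unmarshal(rawClaims, &claims); err != nil {
		return nil, err
	}
	t := now.UTC().Unix()
	if t < claims.Iat || t >= claims.Exp || claims.Exp-claims.Iat > 600 {
		return nil, errors.New("JWT outside its 10-minute validity window")
	}
	return &claims, nil
}

// AuthorizationHeader formats the header value used for the POST to
// /application/token (Bearer <JWT>) and for later API calls (Bearer <access_token>).
func AuthorizationHeader(token string) string { return "Bearer " + token }

func main() {
	// Stand-in for the private key issued at app creation (constructed for this example).
	priv, _ := rsa.GenerateKey(rand.Reader, 2048)
	jwt, _ := BuildTokenRequestJWT("example-app-id", priv, time.Now())
	fmt.Println("Authorization:", AuthorizationHeader(jwt)[:40]+"...")
	claims, err := VerifyTokenRequestJWT(jwt, &priv.PublicKey, time.Now())
	fmt.Println(claims, err)
}
```

The JWT returned by BuildTokenRequestJWT goes into the Authorization header of the POST to /application/token; the server-side checks in VerifyTokenRequestJWT are what make the signature worth anything, since accepting an unpinned alg or ignoring exp would let a captured request JWT be replayed indefinitely.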
