Authentication

Calls to the API are authenticated by means of a previously obtained JWT token.

The token lifespan is 24 hours, which means a new token has to be obtained regularly for your application to run smoothly.

Obtaining a JWT token

You can get a new JWT token by performing a POST on the /api/account/token/ URL.

POST /api/account/token/ HTTP/1.1
Host: extranet.kosc-telecom.fr
Content-Type: application/json

{
    "email": "email@domain.com",
    "password": "xxxxxxxxxx"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "token": "eyJhbGciOiJIUzIInR5cCI6I.48rgjeijw2qef24o3du2eufonefwe",
    "user": {
        "date_joined": "2017-11-22T10:04:13Z",
        "last_login": "2019-03-19T06:54:08Z",
        "user_uuid": "ut8rie3",
        "operator_name": "Stella",
        "language": "en",
        "fullname": "Stella User",
        "first_name": "Stella",
        "last_name": "User",
        "cell_phone_number": "0606060606",
        "email": "user.stella@kosc-telecom.fr",
        "groups": [
            11
        ],
        "operator_uuid": "9jxt7k2r"
    }
}

Using a JWT token

Warning

Initially, the token could be provided with each request in the jwt query string parameter. This is deprecated.

Once obtained, the token must be provided with each request in the Authorization header, as JWT followed by the token (JWT TOKEN).

GET /api/users/ut8rie3/ HTTP/1.1
Authorization: JWT eyJhbGciOiJIUzIInR5cCI6I.48rgjeijw2qef24o3du2eufonefwe
Host: extranet.kosc-telecom.fr

HTTP/1.1 200 OK
Content-Type: application/json

{
    "date_joined": "2017-11-22T10:04:13Z",
    "last_login": "2019-03-19T06:54:08Z",
    "user_uuid": "ut8rie3",
    "operator_name": "Kosc",
    "language": "en",
    "fullname": "Stella",
    "first_name": "Stella",
    "last_name": "User",
    "cell_phone_number": "0606060606",
    "email": "stella@kosc-telecom.fr",
    "groups": [
        11
    ],
    "operator_uuid": "9jxt7k2r"
}

Refresh token

A non-expired token can be “refreshed” to obtain a brand new token with a renewed expiration time by performing a POST on the /api/account/token/refresh/ URL.

Note

Refreshing can be repeated (token1 -> token2 -> token3), but the chain of tokens keeps the time at which the original token (obtained with username/password credentials) was issued. You can only keep refreshing tokens for up to 7 days.

POST /api/account/token/refresh/ HTTP/1.1
Host: extranet.kosc-telecom.fr
Content-Type: application/json

{
    "token": "eyJhbGciOiJIUzIInR5cCI6I.48rgjeijw2qef24o3du2eufonefwe"
}

HTTP/1.1 200 OK
Content-Type: application/json

{
    "token": "eyJhbGciOiJIUzIInR5cCI6I.48rgjeijw2qef24o3du2eufonefwenew",
    "user": {
        "date_joined": "2017-11-22T10:04:13Z",
        "last_login": "2019-03-19T06:54:08Z",
        "user_uuid": "ut8rie3",
        "operator_name": "Stella",
        "language": "en",
        "fullname": "Stella User",
        "first_name": "Stella",
        "last_name": "User",
        "cell_phone_number": "0606060606",
        "email": "user.stella@kosc-telecom.fr",
        "groups": [
            11
        ],
        "operator_uuid": "9jxt7k2r"
    }
}
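
The token lifecycle described above (obtain, send in the Authorization header, refresh before the 24-hour expiry, log in again before the 7-day refresh limit), as an added example that is not part of the original documentation. TokenManager, https_post, the 5-minute margin, the use of HTTPS and tracking token age with the local clock are assumptions.

```python
import json
import time
import urllib.request

TOKEN_LIFESPAN = 24 * 3600       # from the page: a token lives 24 hours
REFRESH_WINDOW = 7 * 24 * 3600   # from the page: refresh chain capped at 7 days
MARGIN = 300                     # assumption: renew 5 minutes ahead of each limit


def https_post(path, payload, host="extranet.kosc-telecom.fr"):
    """POST JSON to the API and return the decoded body (HTTPS is assumed)."""
    req = urllib.request.Request(
        "https://" + host + path,
        data=json.dumps(payload).encode(),
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


class TokenManager:
    """Hypothetical helper that always hands out a usable token."""

    def __init__(self, email, password, post=https_post, clock=time.time):
        self._creds = {"email": email, "password": password}
        self._post, self._clock = post, clock
        self._token = None
        self._issued_at = self._login_at = 0.0

    def token(self):
        now = self._clock()
        age, chain_age = now - self._issued_at, now - self._login_at
        if (self._token is None or age >= TOKEN_LIFESPAN
                or chain_age >= REFRESH_WINDOW - MARGIN):
            # No token, token already expired (refresh needs a live token),
            # or the 7-day chain is ending: log in with credentials again.
            self._token = self._post("/api/account/token/", self._creds)["token"]
            self._issued_at = self._login_at = now
        elif age >= TOKEN_LIFESPAN - MARGIN:
            # Token about to expire: trade it for a new one, same chain.
            body = self._post("/api/account/token/refresh/", {"token": self._token})
            self._token, self._issued_at = body["token"], now
        return self._token

    def auth_headers(self):
        # Header form only; the deprecated ?jwt= query parameter is never used.
        return {"Authorization": "JWT " + self.token()}
```

Merge auth_headers() into the headers of every API request; the post and clock parameters exist so the renewal logic can be exercised without network access.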

Verify token

You can verify the validity of your token by performing a POST on the /api/account/token/verify/ URL.

POST /api/account/token/verify/ HTTP/1.1
Host: extranet.kosc-telecom.fr
Content-Type: application/json

{
    "token": "eyJhbGciOiJIUzIInR5cCI6I.48rgjeijw2qef24o3du2eufonefwe"
}

Passing a token to the verification endpoint will return a 200 response and the token if it is valid.

HTTP/1.1 200 OK
Content-Type: application/json

Otherwise, it will return a 400 Bad Request.

HTTP/1.1 400 Bad Request
Content-Type: application/json