PeopleTray’s Oauth2 framework is a very simple way to implement a Unified Token Authentication mechanism within your application.
Here is a three-step guide to making calls to PeopleTray API.
Base URI
Staging - https://staging-api-service.azurewebsites.net/
Production - https://api.peopletray.com
Production (Aus Instance) - https://au1-peopletray-public-api-service.azurewebsites.net
1. Obtain Your Application Sign In Credentials
Before you can obtain an authentication Token, you need to register an account with PeopleTray. You can do this by creating an account at http://www.peopletray.com
2. Obtaining an Access Token
Access token can be obtained by calling the authentication endpoint and passing in the username and password of the user associated with the account.
Endpoint: {baseUri}/.auth/login/custom
Method: POST
Request body payload:
{
"username": "test@test.com",
"password": "xxxxxxx"
}
Response object:
{
"authenticationToken": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJzeXNhZG1pbkBtaW5pbmdwYXRjaC5jb20i
"user": {
"userId": 9,
"username": "xxxxxx@xxxxxxxxx.com",
"firstName": "xxxxxx",
"lastName": "xxxxxxx"
}
}
See swagger for details of this endpoint:
{baseUri}/swagger/ui/index#!/CustomAuthentication/CustomAuthentication_Post
3. Calling an API with the Access Token
Once you have the authenticationToken, you need to supply this in the http request header as X-ZUMO-AUTH: <authenticationToken>
4. Token Validity
The Token has an expiry period of 90 days.
Currently, a Http Response Code of 302 is returned if an expired token is passed in.
To renew the token, see Step 2 above.
5. Token Validation - API
Validates the specified JWT token and returns if it is valid or not.
Endpoint {baseUri}/api/appservicetokenhandler/validatetoken
Method: GET
Authentication: none
Parameters:
token - string - required
Example:
{baseUri}/api/appservicetokenhandler/validatetoken?
token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ0b255MjRAbWluaW5ncGF0Y2guY29tIiwiVXNlcklk
IjoiMzE5NiIsIkNvbXBhbnlJZCI6IjU3IiwiQ29tcGFueU5hbWUiOiJBQSBEZW1vIC0gVG9ueTI0IiwiRnVsbE5hbWUi
OiJXYWduZXIgUm9iaW4iLCJXb3JrZ3JvdXBJZCI6IjEyNDAiLCJTZWN1cml0eVJvbGUiOiJTeXN0ZW1BZG1pbmlzd
HJhdG9yIiwidmVyIjoiMyIsImlzcyI6Imh0dHBzOi8vc3RhZ2luZy1hcGktcGVvcGxldHJheS5henVyZXdlYnNpdGVzL
m5ldCIsImF1ZCI6Imh0dHBzOi8vc3RhZ2luZy1hcGktcGVvcGxldHJheS5henVyZXdlYnNpdGVzLm5ldCIsImV4cCI
6MTU1MTI1ODQ1NCwibmJmIjoxNTQ4NjY2NDU0fQ.QdgjpLkd2066yG4ZkC5oDJM8AiBzmS_38utzUw-lpwU
Response Model:
{
"isValid": false,
"message": "IDX10223: Lifetime validation failed. The token is expired.\nValidTo: '02/27/2019 09:07:34'\n
}
OR
{
"isValid": true,
"message": "The token is valid."
}
All calls are returned with a Http Status Code of 200 OK, along with the above response object.