Authorization

This section describes the authorization methods, which are especially useful if you plan to work with the Bacularis API directly.

OAuth2

General information

Bacularis API

To obtain access tokens, the OAuth2 implementation in the Bacularis API uses the Authorization Code Grant flow.

  • Authorization URL: /oauth/authorize

  • Access Token URL: /oauth/token

Note

The Bacularis API does not use refresh tokens. After the access token expires, the client application has to re-authorize.

The authorization code expires after 7 seconds and the access token expires after 1 hour. You can change these default values in the file:

bacularis/protected/Common/Modules/OAuth2.php

There you can find the following constants:

  • AUTHORIZATION_ID_EXPIRES_TIME,

  • ACCESS_TOKEN_EXPIRES_TIME.

To learn about the Bacularis API endpoints, please see the Bacularis API documentation.

Bacularis Web

The OAuth2 callback URL (the redirect URI parameter) in Bacularis Web for the host bacularis is the following:

https://bacularis:9097/web/redirect
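The Authorization Code Grant flow described above, seen from a client, as an added example that is not part of the Bacularis code base: it builds the /oauth/authorize redirect, validates the callback, prepares the /oauth/token request within the 7-second code lifetime, and decides when a full re-authorization is needed because there are no refresh tokens. The API base URL, the client credentials, the scope string and the use of the standard RFC 6749 parameter names (including state) are assumptions; the redirect URI is the Bacularis Web callback shown above, used as a sample value.

```python
import hmac
import secrets
import time
from urllib.parse import urlencode, urlparse, parse_qs

# Assumed values for illustration; only the paths, the callback and the TTLs come from this page.
API_BASE = "https://bacularis.example:9097"            # placeholder API host
REDIRECT_URI = "https://bacularis:9097/web/redirect"   # callback URL from this page
CODE_TTL = 7        # seconds, default authorization code lifetime
TOKEN_TTL = 3600    # seconds, default access token lifetime

def authorize_url(client_id, scope):
    """Step 1: return (URL for the browser redirect, state to keep in the session)."""
    state = secrets.token_urlsafe(16)  # unguessable value binding the callback to this session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": REDIRECT_URI, "scope": scope, "state": state})
    return f"{API_BASE}/oauth/authorize?{query}", state

def code_from_callback(callback_url, expected_state):
    """Step 2: extract the code, rejecting a callback with a missing or foreign state."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this session")
    if "code" not in params:
        raise ValueError("callback carries no authorization code")
    return params["code"][0], time.monotonic()  # remember when the code arrived

def token_request(code, received_at, client_id, client_secret, now=None):
    """Step 3: build the POST for /oauth/token; refuse a code held for CODE_TTL or longer."""
    now = time.monotonic() if now is None else now
    # Client-side guard only: the server counts from issuance, so exchange immediately.
    if now - received_at >= CODE_TTL:
        raise TimeoutError("authorization code expired, restart at /oauth/authorize")
    body = {"grant_type": "authorization_code", "code": code,
            "redirect_uri": REDIRECT_URI, "client_id": client_id,
            "client_secret": client_secret}
    return f"{API_BASE}/oauth/token", body

def must_reauthorize(token_issued_at, now, skew=30):
    """No refresh tokens: once the token is (nearly) expired, rerun the whole flow."""
    return now - token_issued_at >= TOKEN_TTL - skew
```

Send the body from token_request as a form-encoded POST over HTTPS, and keep the client secret and the returned access token out of logs and URLs.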

Enabling OAuth2

By default, the Bacularis API uses basic authentication. Enabling OAuth2 authorization provides additional features such as:

  • access to Bacularis API by secure tokens,

  • OAuth2 scopes to limit access to API endpoints by endpoint type (/jobs/, /clients/… and so on).

Enable OAuth2 in API

To enable OAuth2, switch the Bacularis API into OAuth2 mode. You can do this in the Bacularis API panel, as shown in the following image:

../_images/bacularis_enable_oauth2.png

Create admin OAuth2 client params

You need to create the admin OAuth2 client account that Bacularis Web will use to connect to the Bacularis API. You can create it in the Bacularis API admin panel, as shown in the following images:

../_images/bacularis_api_oauth2_1.png

../_images/bacularis_api_oauth2_2.png

Connect Bacularis Web using OAuth2 method

Now you can connect Bacularis Web to the Bacularis API using the OAuth2 authorization method.

First, in Bacularis Web, go to the Security page, open the API hosts tab and edit the existing API host.

../_images/bacularis_web_oauth2_1.png

Switch the method to OAuth2 and copy the OAuth2 client account parameters (Client ID, Client secret…) from the API panel into this form.

../_images/bacularis_web_oauth2_2.png