Authorization for API resources - Intergraph Smart Electrical - 2.1 - Help - Intergraph

Intergraph Smart Electrical Smart API Help

Language
English (United States)
Product
Intergraph Smart Electrical
Search by Category
Help
Smart Electrical Web Version
2.1

All Smart APIs are secured with the OAuth2 protocol. As a user, you must identify yourself and be authorized to access API resources. Authorization is provided via an access token, which you must request from an authorization server (in this case, the security token service bundled with Smart API Manager).

Smart API Manager lets you perform the following tasks, all of which are required before you can get an access token:

  • Register Smart APIs

  • Create and manage Users and Groups.

  • Authorize a group to access a Smart API, including configuring any required claims for the API.

  • Register Smart Clients. You must have a Client ID to request an access token.

See the Smart API Manager Online Help for details on how to configure all the required settings in Smart API Manager. If you do not have permission to log in with Smart API Manager, you will need to speak with the person at your company responsible for installing and configuring Smart API Manager and Smart APIs to get the required information.

Get an access token

You must get and include an access token with every call to protected resources exposed from your API. For this tutorial, the predefined Get Token POST request retrieves a new access token from the authorization server.

To get a token, do the following:

  1. In the Collections tab, click the first request 01.01 Get Description and click Send.

    The response exposes information about the API version, the base URI, the Smart API manager provider (TokenIssuerUri), and the resource ID (TokenAudience) for all the request calls:

  2. Run the request 01.02 Get Token.

  3. Move the cursor over the variable {{samServerUri}} in the address bar. Verify that the CURRENT VALUE in the tool tip displays the value you have configured in the environment.

  4. Click the Body tab of the request and ensure that the following keys and values appear:

  5. Click .

    The response returns a string with a success status.

    An access token will expire based on configuration in Smart API Manager. If your access token has expired when you make a request, the API returns a 401 Unauthorized status and error message: Token validation failed...

When this happens, return to the Collections tab, click the Get Token query, and click .