Ennov InSight API Documentation 7.2

Client Credentials Defined Example OAuth 2.0

Use OAuth 2.0 client credentials grant flow to enable a web service to use its own credentials to authenticate another call web service.

To define client credentials:
  1. Submit a HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
    tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
    Note: In the URL above common is no longer supported with the v2 oauth2 endpoints so tenant_id must be used. The following parameters are updated.
    The body of the request should include the form-data:
    Parameter Name Value
    grant_type client_credentials
    client_id xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
    scope <registered client_id>/.default openid
    client_secret <registered client_secret>
    The Response generates an AzureBearerBody Token used in conjunction with the API X-CSRF-TOKEN access token generated in step 3.
  2. Submit an HTTPS GET request to get a token.
    Send an HTTP request (GET-request) to: http://hostname:port/insight/api/v2/token
    The body of the JSON response includes 
    { "token": "xAuthToken": "44B1E9C995C654E38DDD82BF708784D1" }
    with the current session ID. The response header contains the following values:
    Parameter Name Value
    X-CSRF-HEADER X-CSRF-TOKEN
    X-CSRF-PARAM _csrf
    X-CSRF-TOKEN 40d67d97-fb28-4a78-a111-5bae0ee706bb
  3. Use that token and login information to authenticate.
  4. Send a login POST-request to pass authentication using the same session (set JSESSIONID):
    Parameter Name Value
    URI: http://hostname:port/insight/api/v2/login
    Request header values:
    Content-Type: "application/json"
    X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb. This value is retrieved as a result of the previous request. (http://hostname:port/insight/api/v2/token)
    Cookie: JSESSIONID=44B1E9C995C654E38DDD82BF708784D1

    The value is taken from XAuthToken form described in the step 2.

    Request body (raw): 
    {{AzureBearerBody}}
    This is the Azure Generated Authorization Token gathered in steps 1 and 2.
    After successful logon, the application creates a new session and a new token to use in subsequent API calls. The response header contains the following values:
    Parameter Name Values
    X-CSRF-HEADER X-CSRF-TOKEN
    X-CSRF-PARAM _csrf
    X-CSRF-TOKEN 40d67d97-fb28-4a78-a111-5bae0ee706bb
  5. Make an API call with your new token.
    All subsequent REST API POST-requests (read/create/create-or-update/delete for a specific entity) are sent through "/api/v2" URI (example: http://hostname:port/insight/api/v2/event/46098/delete) with the following attributes:
    Parameter Name Value
    Request header values:
    Content-Type: "application/json"
    X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb
    Cookie: JSESSIONID=44B1E9C995C654E38DDD82BF708784D1

    The value is taken from XAuthToken form described in the step 2.

    Request body: JSON object for the specific entity.
    Instead of X-CSRF-TOKEN header, you can use the "_csrf" param.