Ennov InSight API Documentation 7.2

ROPC Defined Example OAuth 2.0

Specify user credentials in the authentication request to perform API operations based on Ennov InSight security permissions.

To define client credentials:
  1. Submit a HTTPS POST request to: https://login.microsoftonline.com/<tenant_id>/oauth2/v2.0/token
    The tenant_id format: xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx.
    Note: In the URL above common is no longer supported with the v2 oauth2 endpoints so tenant_id must be used. The following parameters are updated.
    The body of the request should include the form-data:
    Parameter Name Value
    grant_type password
    client_id xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
    scope <registered client_id>/.default openid
    user name <user account with security permissions>
    password <password_for user_account>
    client_secret <registered client_secret>
    The Response generates an AzureBearerBody Token used in conjunction with the API X-CSRF-TOKEN access token generated in step 3.
  2. Submit an HTTPS GET request to get a token.
    Send an HTTP request (GET-request) to: http://hostname:port/insight/api/v2/token
    The body of the JSON response includes 
    { "xAuthToken": "44B1E9C995C654E38DDD82BF708784D1" }
    with the current session ID. The response header contains the following values:
    Parameter Name Value
    X-CSRF-HEADER X-CSRF-TOKEN
    X-CSRF-PARAM _csrf
    X-CSRF-TOKEN 40d67d97-fb28-4a78-a111-5bae0ee706bb
  3. Use that token and login information to authenticate.
  4. Send a login POST-request to pass authentication using the same session (set JSESSIONID):
    Parameter Name Value
    URI: http://hostname:port/insight/api/v2/login
    Request header values:
    Content-Type: "application/json"
    X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb. This value is retrieved as a result of the previous request. (http://hostname:port/insight/api/v2/token)
    Request body (raw): {"access_token":"<obtained_access_token>", "token_type":"Bearer"

    This is the Azure Generated Authorization Token gathered in steps 1 and 2.

    After successful logon, the application creates a new session and a new token to use in subsequent API calls. The response header contains the following values:
    Parameter Name Values
    X-CSRF-HEADER X-CSRF-TOKEN
    X-CSRF-PARAM _csrf
    X-CSRF-TOKEN 40d67d97-fb28-4a78-a111-5bae0ee706bb
    Cookie JSESSIONID=44B1E9C995C654E38DDD82BF708784D1

    The value is taken from XAuthToken form described in the step 2.

  5. Make an API call with your new token.
    All subsequent REST API POST-requests (read/create/create-or-update/delete for a specific entity) are sent through "/api/v2" URI (example: http://hostname:port/insight/api/v2/event/46098/delete) with the following attributes:
    Parameter Name Value
    Request header values:
    Content-Type: "application/json"
    X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb
    Cookie: JSESSIONID=44B1E9C995C654E38DDD82BF708784D1

    The value is taken from XAuthToken form described in the step 2.

    Request body: JSON object for the specific entity.
    Instead of X-CSRF-TOKEN header, you can use the "_csrf" param.