This section is intended to explain how to manage temporary token authentication on BoondManager.

This method of authentification is more secured than permanent token so it is required in order to publish an App on our marketplace.

Install your App

Follow the process on Quick start guides - Install your App section.

When BoondManager will make a POST Request with the App Token, the following fields will be returned:

  • refreshToken : used to refresh your App token when it has expired or is about to expire
  • createdAt : App's token creation date
  • expiresIn : Time in seconds from createdAt when your App token will expired
Validate your App

Sometimes, our BoondManager will need to validate again your App in order to be able to use it:

  • When your scopes (APIs allowed) change
  • If your App token is used with a wrong App Key or wrong userToken

In this case when a customer's administrator click on the "Validate" button on your App's page, it will be prompted with a confirmation window (Like the section Quick start guides - Install your App). Once the administrator confirmed, validation boils down to give you a new App's token and refresh token. The process is 2 steps:

  • Requesting your App's host to allow validating the App.
  • Your server confirms the operation.

We will send a POST request to the /validate end-point. The body is encoded as we did for the installation.

Request for validating the App

Attribute Description Type Mandatory
  clientToken    Unique client token string   Yes
  appToken   The App's Token string   Yes
  refreshToken

  The App's Refresh Token.

  Not used if Security Token is permanent.

  string        Yes
  createdAt

  The App's Token creation date.

  Date formatted:

  • [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{4}

  Not used if Security Token is permanent.

  string       Yes
  expiresIn

  The App's Token expiration time in seconds.

  Not used if Security Token is permanent.

  integer       Yes
  issuedAt

  Date formatted:

  • [0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}[+-][0-9]{4}
string  Yes 

Confirmation response

The response is a JSON object with the following attributes:

Attribute Description Type Mandatory
  result   true if success, otherwise false boolean  Yes
  errorMessage   Error message if (result = false) string  No 
Refresh your App token

When you have to call BoondManager APIs with X-Jwt-App-Boondmanager, our server can answer with an error 422 which code is 2205. This means that your App's Token has expires.

So, we advise you to check if appToken is about to expire in the 5 next minutes.

Thus, initiate a call to refresh your token. You have to use the endpoint /marketplace/refresh-token described into our API's documentation .

Uninstall your App

Follow the process on Quick start guides - Uninstall your App section.

Cet article vous a-t-il été utile ?
Utilisateurs qui ont trouvé cela utile : 0 sur 0

Commentaires

0 commentaire

Cet article n'accepte pas de commentaires.