Skip to main content

REST API Authentication

Permanently deleted user
Updated
With authentication based on ES256 algorithm you have to self-sign the token initially. That signed token can then be used instead of a shared secret when authorizing with callstats.io auth service for a session token. For further details about tokens you can have a look at our JWT blog post.
 
The following diagram shows the Authentication steps and the entities involved in the authentication process:
 
Screen_Shot_2018-04-05_at_9.55.14_AM.png

Customer Authentication API: This API is developed by you and is responsible for generating signed tokens for callstats authentication.

Callstats Authentication API: auth.callstats.io. For further instructions see docs.callstats.io.

Callstats REST API: Depending on payload either stats.callstats.io or events.callstats.io e.g.User Action Events. For further instructions see docs.callstats.io.

Authentication Steps
 
1. Your token request is any payload needed to create a valid self-signed token on customer's authentication service. The localID used here must be the same as the one to submit event/stats later. 
 
2. The Customer Authentication API developed must sign the token with alg set to ES256.
 
You can refer to https://www.callstats.io/api/#third-party-authentication to see what are the Application Token contents that must be included on step 3. 

3 - Once your App gets a valid token from your Customer Authentication API it can send an access request to Callstats Authentication API by passing the following parameters:

grant_type   string   Required   Must be set to "authorization_code"
code         string   Required   JWT signed ApplicationToken with alg set to ES256 (this is the signed token returned on Step 2 above)
client_id    string   Required   localID@appID ( localID is provided by the developer and MUST NOT  be null or empty)
4. Callstats Authentication API returns an access token to your App. Your App is now able to send any request to Callstats REST API.

A successful response from Callstats Authentication API is something like:

{
   "access_token":"-064b-4a76-8a2d-d686ec773992", "expires_in":3600, 
   "token_type": "bearer"
}

5. Your App can now send any request to Callstats REST API by including the access token in the authorization header.

POST /token HTTP/1.1
     Host: server.example.com
     Authorization: Bearer czZCaGRSa3F0MzpnWDFmQmF0M2JW
     Content-Type: application/json;charset=UTF-8
 

Related articles

Comments

0 comments

Please sign in to leave a comment.