Authorization

Step 1. Using cron, find all the connections with the integration type "tatacliq" at a regular interval.

Query Used:

SELECT `connectionId` FROM `channels` WHERE `integrationType` = :integrationType;

Step 2. For each active connection (isActive = "active"), if the difference between the token expiry and the last cron run time is less than or equal to 2 hours, push it into the task queue.

Query Used:

SELECT `id`,`accessTokenExpiryAt`,`inputFields` FROM `ie_appinstall_connection` WHERE `id` IN :connectionIdList AND `isActive`="active";

Step 3. A listener reads from the task queue and calls the createToken API for one connection at a time.

Create Token POST API:

https://intapppreprod2.tataunistore.com/security/createJWTToken

Include in Header:

Authorization: Basic aW50ZWdyYTp0YXRhY2xpcUAxMjMK

Request Body: The required fields can be extracted from inputFields.

{ "username": "jumpusa92@gmail.com", "password": "123test", "sellerCode": "124346", "callerName":"any" }

Response Body:

{ "timestamp": "2022-06-16T15:08:15.663", "message": "Token is Created Successfully", "jwtToken": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJqdW1wdXNhOTJAZ21haWwuY29tLDEyNDM0NiIsImV4cCI6MTY1NTQ1Nzg4NSwiaWF0IjoxNjU1MzcxNDg1fQ.8re9m0YZTRJDTUE9vO3604xQnSiHduCdhQrchmHXuLvlBDgaroqweL7kJbC7n1DT9urPeWu0qvloQmDtM9OLBw", "tokenExpiryDate": "2022-06-17T14:54:45.354" }

 

Step 4. Update the accessToken and its info in the database.

Query Used:

UPDATE `ie_appinstall_connection` SET `accessToken` = :new_access_token, `accessTokenExpiryAt` = :new_expiry_time, `accessTokenGeneratedOn` = :current_time WHERE `ie_appinstall_connection`.`id` = :connection_id;

For authentication on every other API:

Include in Header:

Authorization: Bearer <jwt Token>

Threshold period: 15 min. No new JWT token can be created for the same info during this time.

Expiry time: 24 hrs

FAQ:

  • Run create token API - get JWT token

  • Before the threshold time - on running the create token API - the same token is returned (no new token is generated). The token can be used in this period.

  • After the threshold time, before expiry - on running the create token API - a new token is generated. The token needs to be refreshed in this period (before expiry).

  • After expiry - the token can't be used. A new token needs to be generated.

  • After the new token is generated, the old token cannot be used.
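The Step 2 selection rule and the FAQ token states, as an added Python example (not part of the original page or the integration's own code). The rows are constructed sample data, should_update is a hypothetical helper, and measuring the threshold from accessTokenGeneratedOn is an assumption the page does not confirm.

```python
from datetime import datetime, timedelta

REFRESH_WINDOW = timedelta(hours=2)   # Step 2: queue when expiry is within 2 hours
THRESHOLD = timedelta(minutes=15)     # createToken returns the same token in this period


def token_state(generated_on, expiry_at, now):
    """Classify a stored token per the FAQ. Assumes the threshold is
    measured from accessTokenGeneratedOn (the page does not say)."""
    if now >= expiry_at:
        return "expired"            # cannot be used; a new token is required
    if now - generated_on < THRESHOLD:
        return "within_threshold"   # createToken would return the same token
    return "refreshable"            # createToken would issue a new token


def select_for_queue(rows, last_cron_run):
    """Step 2: ids of active connections expiring within REFRESH_WINDOW.
    Already-expired tokens give a negative difference and are selected too."""
    selected = []
    for row in rows:
        if row["isActive"] != "active":
            continue
        expiry = datetime.fromisoformat(row["accessTokenExpiryAt"])
        if expiry - last_cron_run <= REFRESH_WINDOW:
            selected.append(row["id"])
    return selected


def should_update(stored_token, response):
    """Step 4 guard (hypothetical helper): skip the UPDATE when createToken
    returned the token already stored, so accessTokenGeneratedOn stays accurate."""
    return response["jwtToken"] != stored_token


# Constructed sample rows; isActive is included only to show the filter.
ROWS = [
    {"id": 1, "isActive": "active", "accessTokenExpiryAt": "2022-06-17T14:54:45.354"},
    {"id": 2, "isActive": "active", "accessTokenExpiryAt": "2022-06-17T20:00:00.000"},
    {"id": 3, "isActive": "inactive", "accessTokenExpiryAt": "2022-06-17T13:30:00.000"},
    {"id": 4, "isActive": "active", "accessTokenExpiryAt": "2022-06-17T12:00:00.000"},
]
LAST_CRON_RUN = datetime(2022, 6, 17, 13, 0, 0)

if __name__ == "__main__":
    print(select_for_queue(ROWS, LAST_CRON_RUN))
```

Because the refresh window (2 hours) is far larger than the threshold (15 min), a token queued by Step 2 is normally in the "refreshable" state; should_update covers the case where the same connection is queued twice in quick succession.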

 

Errors:

  1. If the request method is not POST, you will get 405 Method Not Allowed.

  2. If the method is POST but the request body is malformed, you will get 500 Internal Server Error.

  3. If you don't pass the header Authorization: Basic aW50ZWdyYTp0YXRhY2xpcUAxMjMK, you will get 401 Unauthorized.
