This document covers information about authentication within the wunderbon network.
Authorization vs. Authentication - While Authentication is the process of ascertaining that a user really is who he claims to be, Authorization refers to rules that determine who is allowed to do what (e.g. Jane may be authorized to create and delete databases, while John is only authorized to read).
wunderbon uses state-of-the-art Authentication provided by one of the biggest specialists for Authentication, called Auth0 (More information about Auth0). In line with our paradigm, "wunderbon completely stands on the shoulders of giants!", we rely on specialists to secure everything with strong security measures. This applies to all authentication parts of the wunderbon network. Do not reinvent the wheel - make it better, make it smart.
How to authenticate
Most of the endpoints require you to authenticate and authorize. Requests that require authentication will sometimes return 404 Not Found, instead of 403 Forbidden. This is to prevent the accidental leakage of private data to unauthorized users.
You can authenticate against the wunderbon REST API by using one of the following Authentication-Types:
This Authentication-Type MUST be used by external clients like a Mobile-App, a Web-App (User Login = Token based (Bearer) in exchange for Credentials) or within the backend infrastructure (e.g. Machine to Machine). wunderbon currently issues only one kind of token. So no matter whether you are a POS-Provider or a Consumer (web, app), you will most likely make use of a Bearer Token (JWT).
wunderbon supports the following Authentication-Scheme for the type
This Authentication-Scheme MUST be used by external clients like a Mobile-App, a Web-App or within the backend infrastructure (e.g. Machine to Machine).
Currently, wunderbon supports the following Transportation-Method for submitting credentials:
This Transportation-Method MUST be used by external clients like a Mobile-App, a Web-App or within the backend infrastructure (e.g. Machine to Machine).
Bearer is also known as JSON Web Token (JWT). It can be transmitted by the Transportation-Methods from the following examples:
This shows an example of a Bearer Authorization with Transportation-Method Header:
    Authorization: Bearer \
        eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleHAiO \
        jEzMDA4MTkzODAsIm5hbWUiOiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0.03f \
        329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f75773
All tokens issued by the wunderbon network are valid for 24 hours. After that you need to renew your token by simply requesting a fresh one using your credentials. The lifetime is returned as the attribute expiresIn for every issued token.
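One way a client can follow the 24-hour lifetime described above: cache the token, compute its expiry from expiresIn, and request a fresh one shortly before it lapses. This is an added example, not wunderbon's own code; `fetch_token`, the response key `token`, the five-minute renewal margin, and expiresIn being a number of seconds are assumptions that the page does not state.

```python
import time
from typing import Callable, Optional

RENEW_MARGIN_S = 300  # assumption: renew 5 minutes early so no token expires in flight


class BearerTokenCache:
    """Caches one bearer token and renews it shortly before it expires.

    fetch_token is a hypothetical callable that exchanges credentials for a
    token and returns the parsed response as a dict with "token" and
    "expiresIn" keys. Assumed here: the key name "token", and expiresIn
    being expressed in seconds.
    """

    def __init__(self, fetch_token: Callable[[], dict],
                 clock: Callable[[], float] = time.monotonic):
        self._fetch_token = fetch_token
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def _renew(self) -> None:
        issued_at = self._clock()  # taken before the request, so expiry errs early
        response = self._fetch_token()
        token = response.get("token")
        expires_in = response.get("expiresIn")
        if not isinstance(token, str) or not token:
            raise ValueError("token response carries no token")
        if (isinstance(expires_in, bool)
                or not isinstance(expires_in, (int, float)) or expires_in <= 0):
            raise ValueError("token response carries no usable expiresIn")
        # Only replace the cached token once the whole response has validated.
        self._token = token
        self._expires_at = issued_at + expires_in

    def authorization_header(self) -> dict:
        """Return the header for the next request, renewing the token if due."""
        if self._token is None or self._clock() >= self._expires_at - RENEW_MARGIN_S:
            self._renew()
        return {"Authorization": f"Bearer {self._token}"}

    def invalidate(self) -> None:
        """Drop the cached token, e.g. after the API rejects it."""
        self._token = None
```

Keep the token in memory only and out of logs: anyone holding a bearer token can use it until it expires.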