Authentication

This document covers authentication within the wunderbon network.

TL;DR

Authorization vs. Authentication - Authentication is the process of ascertaining that a user really is who they claim to be, while Authorization refers to the rules that determine who is allowed to do what (e.g. Jane may be authorized to create and delete databases, while John is only authorized to read).

wunderbon uses state-of-the-art authentication provided by Auth0, one of the biggest specialists for authentication (more information about Auth0). In keeping with our paradigm, "wunderbon completely stands on the shoulders of giants!", we rely on specialists to secure everything with strong security measures. This applies to all authentication parts of the wunderbon network. Do not reinvent the wheel - make it better, make it smart.

How to authenticate

Most of the endpoints require you to authenticate and authorize. Requests that require authentication will sometimes return 404 Not Found instead of 403 Forbidden. This prevents the accidental leakage of private data to unauthorized users.

You can authenticate against the wunderbon REST API by using one of the following Authentication-Types:

Supported Authentication-Types

  • HTTP

This Authentication-Type MUST be used by external clients such as a Mobile-App or a Web-App (user login: a token-based Bearer credential issued in exchange for the user's credentials) and within the backend infrastructure (e.g. Machine to Machine). wunderbon currently issues only one kind of token, so no matter whether you are a Merchant, a POS-Provider or a Consumer (web, app), you will most likely use a Bearer Token (JWT).

wunderbon supports the following Authentication-Scheme for the type HTTP:

Supported Authentication-Schemes

  • Bearer

This Authentication-Scheme MUST be used by external clients like a Mobile-App, a Web-App or within the backend infrastructure (e.g. Machine to Machine).

Currently, wunderbon supports the following Transportation-Method for submitting credentials:

Supported Transportation-Methods

  • Header

This Transportation-Method MUST be used by external clients like a Mobile-App, a Web-App or within the backend infrastructure (e.g. Machine to Machine).

Bearer Scheme

The Bearer Authentication-Scheme carries a JSON Web Token (JWT). It is transmitted with the supported Transportation-Method as shown in the following example.

This shows an example of a Bearer Authorization with Transportation-Method Header (the backslashes wrap the token for readability only; on the wire the header is a single line):

Authorization: Bearer \
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleHAiO \
jEzMDA4MTkzODAsIm5hbWUiOiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0.03f \
329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f75773

Token Lifetime

All tokens issued by the wunderbon network are valid for 24 hours. After that you need to renew your token by simply requesting a fresh one using your credentials. The lifetime is returned as the attribute expiresIn for every issued token.
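The following is an added example, not wunderbon's own client code. It ties together the Bearer header example above and the 24-hour lifetime described here: it parses an Authorization header of the documented form, reads the claims of the page's sample JWT for inspection (without verifying the signature, which only the server can and must do), and caches a token so that a fresh one is requested shortly before expiresIn elapses. Assumptions not found on the page: the token endpoint is represented by a caller-supplied fetch_token callable, the token attribute in its response is named accessToken, and expiresIn is expressed in seconds.

```python
"""Bearer-token client helper (constructed example, not wunderbon's own code)."""
import base64
import json
import time
from typing import Callable, Dict, Optional

# The JWT from the page's Authorization header example, joined into one line.
SAMPLE_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJpc3MiOiJzY290Y2guaW8iLCJleHAiOjEzMDA4MTkzODAsIm5hbWUiOiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0."
    "03f329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f75773"
)


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore padding before decoding.
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment)


def decode_jwt_unverified(token: str) -> Dict:
    """Return the JWT payload for inspection only (e.g. to read `exp`).

    No signature check is done here: a client only schedules renewal from the
    claims, it does not trust them. The API server verifies the signature.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("a JWT has exactly three dot-separated segments")
    return json.loads(_b64url_decode(parts[1]))


def parse_authorization_header(value: str) -> str:
    """Extract the token from 'Bearer <token>'; the scheme name is case-insensitive."""
    scheme, _, credentials = value.strip().partition(" ")
    if scheme.lower() != "bearer" or not credentials.strip():
        raise ValueError("expected Authentication-Scheme Bearer")
    return credentials.strip()


class TokenCache:
    """Caches a Bearer token and renews it before its expiresIn lifetime elapses.

    `fetch_token` stands in for the credentials exchange with the token endpoint
    and returns the response as a dict. Assumed (not documented on the page):
    the token lives in `accessToken` and `expiresIn` is in seconds.
    """

    def __init__(self, fetch_token: Callable[[], Dict], margin_seconds: int = 60,
                 clock: Callable[[], float] = time.time):
        self._fetch = fetch_token
        self._margin = margin_seconds
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at = 0.0

    def token(self) -> str:
        # Renew when no token is cached or we are within `margin_seconds` of
        # expiry, so an in-flight request does not race the 24 h cut-off.
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            response = self._fetch()
            self._token = response["accessToken"]
            self._expires_at = self._clock() + int(response["expiresIn"])
        return self._token

    def auth_header(self) -> Dict[str, str]:
        # Transportation-Method Header with Authentication-Scheme Bearer.
        return {"Authorization": f"Bearer {self.token()}"}


def demo() -> Dict:
    """Drive the cache with a fake clock and a stub token endpoint (constructed, offline)."""
    now = [1_000_000.0]
    calls = {"count": 0}

    def fake_fetch() -> Dict:
        calls["count"] += 1
        return {"accessToken": f"token-{calls['count']}", "expiresIn": 24 * 3600}

    cache = TokenCache(fake_fetch, margin_seconds=60, clock=lambda: now[0])
    first = cache.auth_header()["Authorization"]
    now[0] += 23 * 3600   # 23 h later: still inside the lifetime, no renewal
    second = cache.auth_header()["Authorization"]
    now[0] += 3600        # the 24 h mark: renewed with a fresh token
    third = cache.auth_header()["Authorization"]
    return {"first": first, "second": second, "third": third, "fetches": calls["count"]}


if __name__ == "__main__":
    print(decode_jwt_unverified(SAMPLE_TOKEN))
    print(demo())
```

Running the block decodes the sample token's claims (issuer scotch.io, exp 1300819380) and shows that two requests 23 hours apart reuse the cached token while the third, at the 24-hour mark, triggers exactly one renewal.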
