Authentication
This document covers authentication within the wunderbon network.
TL;DR
Authorization vs. Authentication - Authentication is the process of ascertaining that a user really is who they claim to be, while Authorization refers to the rules that determine who is allowed to do what (e.g. Jane may be authorized to create and delete databases, while John is only authorized to read).
wunderbon uses state-of-the-art authentication provided by Auth0, one of the biggest specialists for authentication (More information about Auth0). In line with our paradigm, "wunderbon completely stands on the shoulders of giants!", we rely on specialists to secure everything with strong security measures. This applies to all authentication parts of the wunderbon network. Do not reinvent the wheel - make it better, make it smart.
How to authenticate
Most of the endpoints require you to authenticate and authorize. Requests that require authentication will sometimes return 404 Not Found instead of 403 Forbidden. This prevents the accidental leakage of private data to unauthorized users: a caller who is not allowed to see a resource is not even told that it exists.
You can authenticate against the wunderbon REST API by using one of the following Authentication-Types:
Supported Authentication-Types
HTTP
This Authentication-Type MUST be used by external clients like a Mobile-App or a Web-App (User Login = Token based (Bearer) in exchange for Credentials) or within the backend infrastructure (e.g. Machine to Machine). wunderbon currently issues only one kind of token. So no matter if you are a Merchant, a POS-Provider or a Consumer (web, app), you will most likely make use of a Bearer Token (JWT).
wunderbon supports the following Authentication-Scheme for the type HTTP:
Supported Authentication-Schemes
Bearer
This Authentication-Scheme MUST be used by external clients like a Mobile-App, a Web-App or within the backend infrastructure (e.g. Machine to Machine).
Currently, wunderbon supports the following Transportation-Method for submitting credentials:
Supported Transportation-Methods
Header
This Transportation-Method MUST be used by external clients like a Mobile-App, a Web-App or within the backend infrastructure (e.g. Machine to Machine).
Bearer Scheme
The Authentication-Scheme Bearer is also known as JSON Web Token (JWT) authentication. The token can be transmitted by the Transportation-Methods shown in the following examples.
This shows an example of a Bearer Authorization with Transportation-Method Header:
Authorization: Bearer \
eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJzY290Y2guaW8iLCJleHAiO \
jEzMDA4MTkzODAsIm5hbWUiOiJDaHJpcyBTZXZpbGxlamEiLCJhZG1pbiI6dHJ1ZX0.03f \
329983b86f7d9a9f5fef85305880101d5e302afafa20154d094b229f75773
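The following is an added example, not code from the wunderbon project or its API, showing how a resource server would consume the header above: it extracts the token from the Bearer scheme, verifies the JWT's signature and exp claim, and maps every failure to 404 Not Found as described under "How to authenticate", so an unauthenticated caller learns nothing about whether the resource exists. The HS256 shared secret, the claim set and the handler function are constructed for the example; wunderbon's real tokens are issued by Auth0, and their algorithm and key material are not stated on this page.

```python
import base64
import hashlib
import hmac
import json
import time
from typing import Dict, Optional, Tuple

# Constructed secret for the example only; a real verifier uses the issuer's published key material.
SAMPLE_SECRET = b"constructed-example-secret-not-a-real-key"


def _b64url_decode(part: str) -> bytes:
    # JWT segments are base64url without padding; restore the padding before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def _b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_hs256_token(claims: dict, secret: bytes) -> str:
    """Build an HS256 JWT. Used here only to construct input for the verifier below."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}, separators=(",", ":")).encode())
    payload = _b64url_encode(json.dumps(claims, separators=(",", ":")).encode())
    signing_input = f"{header}.{payload}".encode("ascii")
    signature = hmac.new(secret, signing_input, hashlib.sha256).digest()
    return f"{header}.{payload}.{_b64url_encode(signature)}"


def extract_bearer_token(authorization_header: Optional[str]) -> Optional[str]:
    """Return the token from 'Authorization: Bearer <token>', or None if the scheme does not match.

    The scheme name is matched case-insensitively (RFC 7235); the token itself is passed through untouched.
    """
    if not authorization_header:
        return None
    parts = authorization_header.strip().split(None, 1)
    if len(parts) != 2 or parts[0].lower() != "bearer":
        return None
    token = parts[1].strip()
    return token or None


def verify_hs256_token(token: str, secret: bytes, now: Optional[float] = None) -> dict:
    """Verify structure, algorithm, signature and expiry. Returns the claims or raises ValueError."""
    segments = token.split(".")
    if len(segments) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, signature_b64 = segments
    header = json.loads(_b64url_decode(header_b64))
    # Pin the expected algorithm: the token's own header must never select the verification method.
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(secret, f"{header_b64}.{payload_b64}".encode("ascii"), hashlib.sha256).digest()
    # Constant-time comparison of the signature bytes.
    if not hmac.compare_digest(expected, _b64url_decode(signature_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    current = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or current >= exp:
        raise ValueError("token expired or missing exp")
    return claims


def handle_request(headers: Dict[str, str], now: Optional[float] = None) -> Tuple[int, str]:
    """Guard a private resource (constructed handler).

    Every authentication failure, missing header, wrong scheme, bad signature or expired token,
    is answered with 404 so the response does not reveal that the resource exists.
    """
    token = extract_bearer_token(headers.get("Authorization"))
    if token is None:
        return 404, "Not Found"
    try:
        claims = verify_hs256_token(token, SAMPLE_SECRET, now=now)
    except ValueError:
        return 404, "Not Found"
    return 200, f"hello {claims.get('sub', 'anonymous')}"


if __name__ == "__main__":
    # Constructed sample request: a valid token, then a token signed with the wrong key.
    good = make_hs256_token({"sub": "jane", "exp": 2_000_000_000}, SAMPLE_SECRET)
    forged = make_hs256_token({"sub": "jane", "exp": 2_000_000_000}, b"wrong-secret")
    print(handle_request({"Authorization": f"Bearer {good}"}, now=1_900_000_000))
    print(handle_request({"Authorization": f"Bearer {forged}"}, now=1_900_000_000))
```

The header lookup uses the exact key "Authorization"; a real framework normalises header names, so adapt the lookup to whatever request object you use. The expiry check compares exp against the caller-supplied clock so it can be tested deterministically; in production leave now unset so the wall clock is used.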
Token Lifetime
All tokens issued by the wunderbon network are valid for 24 hours. Then you need to renew your token (simply request a fresh one using your credentials). The lifetime is returned as attribute expiresIn for every issued token.
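As an added example, not part of the original page or the wunderbon client libraries, the cache below shows how a client can use the expiresIn attribute to renew its token before the 24-hour lifetime runs out, rather than discovering the expiry through a failed request. It assumes expiresIn is a number of seconds and that the issuing response also carries the token under a key named token; both are assumptions, as is the fetch_token callback that stands in for the real credential exchange.

```python
import time
from typing import Callable, Dict, Optional


class TokenCache:
    """Holds the current token and requests a fresh one shortly before it expires.

    fetch_token is a placeholder for the real credentials-for-token exchange; it must return a
    dict with the token and its expiresIn value in seconds (assumed shape, not documented here).
    skew_seconds is how early to renew, so that a request sent just before expiry cannot
    arrive at the API with a token that has meanwhile become invalid.
    """

    def __init__(self, fetch_token: Callable[[], Dict], skew_seconds: int = 60,
                 clock: Callable[[], float] = time.time):
        self._fetch = fetch_token
        self._skew = skew_seconds
        self._clock = clock
        self._token: Optional[str] = None
        self._expires_at: float = 0.0
        self.refresh_count = 0  # exposed so callers (and tests) can see when a renewal happened

    def get(self) -> str:
        now = self._clock()
        # Renew when no token is held or we are inside the skew window before expiry.
        if self._token is None or now >= self._expires_at - self._skew:
            response = self._fetch()
            self._token = response["token"]
            # expiresIn is relative to issuance, so anchor it to our own clock.
            self._expires_at = now + float(response["expiresIn"])
            self.refresh_count += 1
        return self._token

    def authorization_header(self) -> Dict[str, str]:
        """The header to attach to an API request, using the Bearer scheme."""
        return {"Authorization": f"Bearer {self.get()}"}


def demo() -> int:
    """Drive the cache with a constructed clock and issuer; returns how many tokens were fetched."""
    state = {"now": 1_700_000_000.0, "issued": 0}

    def fake_clock() -> float:
        return state["now"]

    def fake_issuer() -> Dict:
        # Constructed stand-in for the token endpoint: 24-hour lifetime, as the page states.
        state["issued"] += 1
        return {"token": f"constructed-token-{state['issued']}", "expiresIn": 24 * 3600}

    cache = TokenCache(fake_issuer, clock=fake_clock)
    cache.get()                     # first use: fetch (1)
    state["now"] += 23 * 3600       # 23 h later: still valid, served from cache
    cache.get()
    state["now"] += 3600 - 30       # 30 s before expiry: inside the skew window, renewed (2)
    cache.get()
    return cache.refresh_count


if __name__ == "__main__":
    print("tokens fetched:", demo())
```

Renewing early costs one extra token request per day and avoids a whole class of intermittent failures at the expiry boundary; a skew of a minute or two is plenty for the 24-hour lifetime described above.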