Authentication

You can use any API tools to manage cards with Axidian CertiFlow API. This article describes how to configure API authentication in Swagger, Postman, Windows Powershell and Linux Bash.

Select the instruction depending on the authentication type configured in the Axidian CertiFlow Configuration Wizard.

Windows

Check authentication settings

1. Launch the IIS Manager and select Default Web Site in the left menu.
2. Expand the CertiFlow applications list and select the api application.
3. In the application control panel, select the Authentication property and make sure that Windows Authentication is set.
4. Close the IIS Manager.
5. Open the C:\inetpub\wwwroot\certiflow\api\appsettings.json configuration file and make sure that the authentication parameter is set to Windows.

Swagger

To use Swagger, set up the API configuration file:

1. Navigate to the C:\inetpub\wwwroot\certiflow\api catalog and open the appsettings.json file.
2. In the webApiSettings section, set the enableSwagger parameter to true and save the changes.
3. Apply changes to the Axidian CertiFlow Server.

Swagger is available at https:///certiflow/api/swagger.

Postman

Postman is available as a desktop or a web application. The instruction below describes how to configure authentication in the Postman desktop application.

1. Click Add in the workbench to open a new tab.
2. Go to the Auth tab and select NTLM Authentication.
3. Enter the username and password.
4. Select the request type and specify the request URL.
5. Click Send.

OpenID Connect

Check authentication settings

To check API authentication settings on the Axidian CertiFlow Windows server:

1. Launch the IIS Manager and select Default Web Site in the left menu.
2. Expand the CertiFlow applications list and select the api application.
3. In the application control panel, select the Authentication property and make sure that Anonymous Authentication is set.
4. Close the IIS Manager.
5. Navigate to the C:\inetpub\wwwroot\certiflow\api catalog and open the appsettings.json file.
6. Make sure the authentication parameter is set to OAuth2Introspection.

To check API authentication settings on the Axidian CertiFlow Linux server:

1. Navigate to the /opt/axidian/certiflow/api catalog and open the appsettings.json file.
2. Make sure the authentication parameter is set to OAuth2Introspection.

Swagger

To use Swagger, set up the API configuration file:

1. Navigate to the C:\inetpub\wwwroot\certiflow\api catalog in Windows OS or /opt/axidian/certiflow/api in Linux OS and open the appsettings.json file.
2. In the webApiSettings section, set the enableSwagger parameter to true.
3. Save the changes.
4. Apply changes to the Axidian CertiFlow Server.

To authenticate in Swagger:

1. Open your browser and go to https:///certiflow/api/swagger.
2. Click Authorize.
3. In the Scopes string, click Select all.
4. Click Authorize.

Postman

Postman is available as a desktop or a web application. The instruction below describes how to configure authentication in the Postman desktop application.

To configure authentication in Postman:

1. Click  Add in the workbench to open a new tab.
2. Navigate to the Auth tab and select OAuth 2.0.
3. Leave the Add auth data to field value as default.
4. In the Current Token section, leave the Header Prefix field value as default.
5. In the Configure New Token section, specify the data to obtain an access token:
   • Token Name – specify the token name.
   • Grant Type – select Password Credentials.
   • Access Token URL – specify the link to obtain an access token: https:///oidc/connect/token.
   • Client ID – specify the WebApiClient service identifier.
   • Username – specify the username in the Domain\Username format.
   • Password – specify the user password.
   • Client Authentication – select Send as Basic Auth header.
6. Click Get New Access Token.
7. Click Use Token.

To make an API request:

1. Select the request type.
2. Specify the request URL.
3. Click Send.

Windows Powershell

To work with the API through Powershell, use Powershell scripts.

Obtain an access token and make a request:

1. Open the terminal or a Powershell script file and prepare the following parameters.

   $body = @{grant_type='password'; username='Domain\Username'; password='P@ssw0rd'; scope='openid webapi';client_id='WebApiClient' }
   $url="https://<FQDN сервера Axidian CertiFlow>/oidc/connect/token"

2. Extract the access token from the response.

   $resp = Invoke-RestMethod -Method Post -Uri $url -Body $body -UseDefaultCredentials
   $token = $resp.access_token

3. Add the token to the request header.

   $headers = @{Authorization="Bearer $token"}

4. Make a request.

   Invoke-RestMethod -Method Get -Uri $url -Headers $headers -UseDefaultCredentials

Linux Bash

To work with the API through Linux Bash, use Bash scripts.

Obtain an access token and make a request:

1. In the terminal or in a Bash script file, prepare the following parameters.

   username="DOMAIN\\username"
   password="P@ssw0rd"
   base_url="https://<FQDN сервера Axidian CertiFlow>"
   body="grant_type=password&username=$username&password=$password&scope=openid%20webapi&client_id=WebApiClient"
   token_url="$base_url/certiflow/oidc/connect/token"

2. Extract the access token from the response.

 ```bash
 resp=$(curl -s -X POST $token_url -H "Content-Type: application/x-www-form-urlencoded" --data $body)
 token=$(echo $resp | grep -o '"access_token": "[^"]*' | cut -d'"' -f4)

3. Add the token to the request header.

   headers="Authorization: Bearer $token"

4. Make a request.

   GET request example

   curl -X GET "$base_url/certiflow/api/Cards?state=Issued&offset=0&count=0" -H "$headers" -d ''
   POST request example

   curl -X POST "$base_url/certiflow/api/Cards/123/Enable" -H "$headers" -d ''

Bash script example

#!/bin/sh
#User input
username="DEMO\\admin"
password="P@ssw0rd"
base_url="https://certiflow-test.local"
body="grant_type=password&username=$username&password=$password&scope=openid%20webapi&client_id=WebApiClient"
token_url="$base_url/certiflow/oidc/connect/token"
# Get token
resp=$(curl -s -X POST $token_url -H "Content-Type: application/x-www-form-urlencoded" --data $body)
# Parse token
token=$(echo $resp | grep -o '"access_token": "[^"]*' | cut -d'"' -f4)
# Combine header
headers="Authorization: Bearer $token"
# Test enable card (POST)
curl -X POST "https://certiflow-test.local/certiflow/api/Cards/123/Enable" -H "accept: */*' -d ''
# Test Get enabled card (GET)
curl -X GET "https://certiflow-test.local/certiflow/api/Cards?state=Issued&offset=0&count=0" -H "accept: text/plain"