The Bearer Token Authentication

Apstrata provides users and devices with a bearer token authentication method that lets them access protected resources without sending their credentials or tokens as request parameters. Instead, users and devices set a bearer token in the Authorization header of any Apstrata HTTP request. The bearer token is computed from the application authentication key, their unique identifier and their Apstrata token.

Once the bearer token is set in the Authorization header, no signature, token, application key or identifier should be passed in the request.

The bearer token is computed by encoding the string authKey:Identifier:token with the Base64 encoding scheme. It is then set in the Authorization header of the request as follows:

Authorization: Bearer <Base64_encode(authKey:Identifier:token)>

The Bearer Token Authentication Rules

The Bearer Token Authentication on Apstrata follows the rules below:

The example below describes how to send a request to Apstrata using the bearer token authentication method.

Device R2D2 belongs to the application X735F0C3PO. It needs to execute the Apstrata script deliverMessage using the bearer token authentication method. It will request a token by calling the GenerateToken API and signing with its credentials.

It will then use the returned token (1FFB2081F4E4A0680D72E469AEDB79AC) to compute its bearer token by Base64 encoding the following string:

X735F0C3PO:R2D2:1FFB2081F4E4A0680D72E469AEDB79AC

Finally, device R2D2 sends the RunScript request to the service URL and adds the bearer token (WDczNUYwQzNQTzpSMkQyOjFGRkIyMDgxRjRFNEEwNjgwRDcyRTQ2OUFFREI3OUFD) to the Authorization header.

https://<serviceName>/rest/RunScript?apsws.time=[timestamp]&apsdb.scriptName=deliverMessage
Authorization: Bearer WDczNUYwQzNQTzpSMkQyOjFGRkIyMDgxRjRFNEEwNjgwRDcyRTQ2OUFFREI3OUFD
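
The computation above as an added Python example (not Apstrata's own code; the function names are hypothetical). Base64 is an encoding, not encryption, so the header decodes straight back to the auth key, identifier and token; the sketch shows that round trip and masks the value before a request line is logged. It assumes none of the three fields contains a ':' character.

```python
import base64
import re


def build_bearer_header(auth_key: str, identifier: str, token: str) -> str:
    """Return the Authorization header value: Bearer Base64(authKey:Identifier:token)."""
    for part in (auth_key, identifier, token):
        # Assumption: ':' is only the separator, so a field containing it is rejected.
        if not part or ":" in part:
            raise ValueError("fields must be non-empty and must not contain ':'")
    raw = f"{auth_key}:{identifier}:{token}".encode("utf-8")
    return "Bearer " + base64.b64encode(raw).decode("ascii")


def decode_bearer_header(value: str) -> tuple:
    """Recover (auth_key, identifier, token). No key is needed: Base64 is reversible."""
    scheme, _, b64 = value.partition(" ")
    if scheme != "Bearer":
        raise ValueError("not a Bearer header")
    decoded = base64.b64decode(b64, validate=True).decode("utf-8")
    parts = decoded.split(":")
    if len(parts) != 3:
        raise ValueError("expected authKey:Identifier:token")
    return tuple(parts)


_BEARER_RE = re.compile(r"(Authorization:\s*Bearer\s+)[A-Za-z0-9+/=]+", re.IGNORECASE)


def redact(line: str) -> str:
    """Mask the bearer value before a request or header line is written to a log."""
    return _BEARER_RE.sub(r"\1[REDACTED]", line)


if __name__ == "__main__":
    # Values taken from the R2D2 example on this page.
    header = build_bearer_header("X735F0C3PO", "R2D2", "1FFB2081F4E4A0680D72E469AEDB79AC")
    print("Authorization:", header)
    print("decoded:", decode_bearer_header(header))
    print("log line:", redact("Authorization: " + header))
```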