Security

The novomind iAGENT REST API is secured by OAuth2.

Authorization process

A client that wants to access resources needs to be registered in the novomind iAGENT installation. A supervisor user with the appropriate access rights can do this through the "OAuth2 Applications" administration page in the novomind iAGENT Supervisor.

Once clients are registered with their client id and their client secret, they have to send an authorization request to obtain an access token.

The novomind iAGENT REST API supports the OAuth2 Authorization Code Grant, the Implicit Grant and the Resource Owner Password Credentials Grant. Please check out the OAuth2 specification for detailed information about the grants and how to obtain the access token. You can also find many client frameworks on oauth.net.

The OAuth2 authorization endpoint of a novomind iAGENT installation is <host>/iMail/api/rest/auth for supervisor users and <host>/agent/api/rest/auth for agent users.

The OAuth2 token endpoint is <host>/iMail/api/rest/token.

The novomind iAGENT REST API currently only supports the bearer access token type.
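
The Authorization Code Grant against the endpoints above, as an added example that is not novomind's own code. The host, client id, client secret and redirect URI are constructed placeholders; the request parameter names and the HTTP Basic client authentication follow RFC 6749 and are an assumption about how an iAGENT installation expects them.

```python
import base64
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Endpoint paths as documented on this page; the host is a placeholder.
AUTH_PATHS = {"supervisor": "/iMail/api/rest/auth", "agent": "/agent/api/rest/auth"}
TOKEN_PATH = "/iMail/api/rest/token"


def authorization_url(host, user_type, client_id, redirect_uri):
    """Return (url, state) for an RFC 6749 section 4.1.1 authorization request."""
    state = secrets.token_urlsafe(32)  # unguessable, ties the callback to this session
    query = urlencode({"response_type": "code", "client_id": client_id,
                       "redirect_uri": redirect_uri, "state": state})
    return f"{host}{AUTH_PATHS[user_type]}?{query}", state


def code_from_callback(callback_url, expected_state):
    """Extract the authorization code, rejecting a missing or mismatched state."""
    params = parse_qs(urlparse(callback_url).query)
    if "error" in params:
        raise ValueError(f"authorization failed: {params['error'][0]}")
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: discard the response")
    return params["code"][0]


def token_request(host, client_id, client_secret, code, redirect_uri):
    """Build (url, headers, body) for the RFC 6749 section 4.1.3 token request."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    headers = {"Authorization": f"Basic {basic}",
               "Content-Type": "application/x-www-form-urlencoded"}
    body = urlencode({"grant_type": "authorization_code", "code": code,
                      "redirect_uri": redirect_uri})
    return f"{host}{TOKEN_PATH}", headers, body


def bearer_header(access_token):
    """Header for REST API calls; bearer is the only supported token type."""
    return {"Authorization": f"Bearer {access_token}"}


if __name__ == "__main__":
    host, redirect = "https://iagent.example.com", "https://client.example.com/cb"  # constructed
    url, state = authorization_url(host, "agent", "demo-client", redirect)
    code = code_from_callback(f"{redirect}?code=abc123&state={state}", state)
    print(url, token_request(host, "demo-client", "demo-secret", code, redirect), sep="\n")
```

The token request is only built here, not sent, so the block runs offline; send it over HTTPS with any HTTP client and keep the client secret out of browser-delivered code.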