iPIM Supply REST API Authentication
Overview
iPIM 4.4.04 introduced the first implementation of a fully integrated OAuth 2.0 authorization & resource server.
OAuth2 is a standardized authorization framework that enables delegation of user authorization to a central authorization server (iPIM).
For more details about OAuth 2.0, check out this reference:
Participants
There are different participants in the OAuth2 protocol:
- ResourceOwner: owner of the iPIM Supply data
- Client: external app or frontend that tries to access iPIM Supply data
- ResourceServer: server which contains the iPIM Supply data which belong to the ResourceOwner
- AuthorizationServer: server which authorizes or denies a Client application to access ResourceOwner (iPIM Supply) data
In the current Supply implementation, the ResourceServer is iPIM Supply and the AuthorizationServer is iPIM.
Grant Types
- Client Credentials
The Client, ResourceServer, and AuthorizationServer are involved in the authorization process. When the Client sends its id and secret, the AuthorizationServer returns an access token in exchange. This access token can then be presented to the ResourceServer to read or manipulate its data.
Client Credentials should not be used in publicly accessible apps (e.g. an iPhone App) because the app can be decompiled and the client secret can be stolen!
Authenticate via Insomnia
A good tool for using the API is Insomnia.
Before interacting with the API, you need an OAuth2 token.
- Choose "OAuth 2.0" as the authentication type
- Choose "Client credentials" as the grant type
Update the client id and client secret fields with the API user's credentials to request an OAuth2 token. To get this information, open the iPIM server DB and run the following query:
SELECT NICKNAME, "PASSWORD"
FROM USERS
WHERE APIUSER = 1;
- Update the scope field with valid permissions and the client ID
- Click the "Refresh Token" button
After receiving the access token, you are ready to access the resource data.
- Click the "Send" button to access the resource data
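The same Client Credentials exchange that Insomnia performs above (id and secret in, access token out, token presented to the resource server), as an added Python example that is not part of iPIM's documentation or code. The token and resource URLs, the scope string and the JSON shape of the token response are assumptions following RFC 6749, not documented iPIM specifics:

```python
import base64
import json
import urllib.parse
import urllib.request

# Assumed endpoints for illustration only; this page does not document iPIM's URLs.
TOKEN_URL = "https://ipim.example.invalid/oauth/token"
RESOURCE_URL = "https://supply.example.invalid/api/items"


def build_token_request(client_id, client_secret, scope):
    """Body and headers for an RFC 6749 section 4.4 client-credentials request.
    The secret goes in the HTTP Basic header (over TLS), never in the URL,
    so it stays out of proxy and server access logs."""
    creds = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = urllib.parse.urlencode(
        {"grant_type": "client_credentials", "scope": scope}
    ).encode()
    headers = {
        "Authorization": f"Basic {creds}",
        "Content-Type": "application/x-www-form-urlencoded",
    }
    return body, headers


def parse_token_response(raw):
    """Validate the token response; return (access_token, expires_in seconds)."""
    data = json.loads(raw)
    if "error" in data:  # e.g. invalid_client or invalid_scope
        raise PermissionError(f"authorization server refused: {data['error']}")
    if data.get("token_type", "").lower() != "bearer" or not data.get("access_token"):
        raise ValueError("token response lacks a bearer access_token")
    return data["access_token"], int(data.get("expires_in", 0))


def _http_post(url, body, headers):
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


def _http_get(url, headers):
    with urllib.request.urlopen(urllib.request.Request(url, headers=headers)) as resp:
        return resp.read().decode()


def fetch_resource(client_id, client_secret, scope, post=_http_post, get=_http_get):
    """Token exchange followed by the resource call; transports are injectable for tests."""
    body, headers = build_token_request(client_id, client_secret, scope)
    token, _ = parse_token_response(post(TOKEN_URL, body, headers))
    return get(RESOURCE_URL, {"Authorization": f"Bearer {token}", "Accept": "application/json"})
```

Because the secret is the whole credential here, run this only from a server-side job or backend, never from a distributable app, exactly as the Client Credentials note above says.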