The EAF-REST API provides a powerful, convenient and simple web services API for interacting with ONEWEB 4.0 and performing standard CRUD operations against the database.

This feature uses a JWT (JSON Web Token) for security. The client connects to the server and sends and receives data in JSON (JavaScript Object Notation) format. Every request from the client must carry the "Authorization" parameter in the HTTP header. The steps to connect to the server are described below.



Figure 1: sequence diagram of the steps to connect to the server


  1. Request login

In the first step the client logs in to the server with its user information. EAF-REST provides the login service at the URL "http://[IP Address]:[Port]/eaf-rest/login".

The client connects using the POST method and sends the user information as follows:


{
  "username" : "User Name",
  "password" : "Password",
  "ldapproviderurl" : "",
  "clientId" : "C00292818"
}


Note: "clientId" is a randomly generated unique key produced by the client.


  2. Server creates token

The server builds the payload information and generates the token.


  3. Return token to client

The client receives a message from the server, for example the message below.


{
  "timestamp": "1510363014419",
  "validity": 86400,
  "id_token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkbXBzeXN0ZW0iLCJjbGllbnRJZCI6ImFiYyIsImV4cCI6MTUxMTIyNzAxNCwiaXNzIjoiY29tLmF2YWxhbnQuand0In0.UXR5LbqWruWy3rJur2Lx2E1nfI73JX3QBQXA4c2u2_CTSSzceRRMyziGevhtRe16AzAgZGKhny3PdfNltIT5Hw"
}


timestamp: date and time at which the server generated the token (a Unix epoch timestamp in milliseconds).

validity: lifetime of the token, counted from the moment the server returned it to the client. The token expires at timestamp plus validity; in days, days = ((validity/3600)/24). ONEWEB 4.0 sets the default so that the token expires in 1 day.

id_token: the value the client attaches to the Authorization key of the HTTP header.


  4. Client sends request with Authorization header

Every message the client sends to the server must carry the token in the Authorization key of the HTTP header.
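The client side of steps 1, 3 and 4, as an added example that is not part of the ONEWEB documentation: it builds the login POST with a client-generated clientId, parses the login response shown above, derives the expiry time from timestamp and validity using the page's own formula (days = ((validity/3600)/24), which treats validity as a count of seconds, so 86400 is 1 day), peeks at the token's claims to schedule a re-login, and attaches id_token to the Authorization header. The host and port, the clientId format and the absence of a scheme prefix such as "Bearer " are assumptions; the page does not specify them. The sample response is the one printed on the page and is parsed offline, not fetched.

```python
import base64
import json
import secrets
from urllib.request import Request

LOGIN_PATH = "/eaf-rest/login"  # login service path from the page; host and port are deployment-specific

# Constructed input: the login response exactly as shown on the page. Only parsed here,
# the signature can only be checked by the server that holds the key.
SAMPLE_LOGIN_RESPONSE = (
    '{"timestamp": "1510363014419", "validity": 86400, '
    '"id_token": "eyJhbGciOiJIUzUxMiJ9.eyJzdWIiOiJkbXBzeXN0ZW0iLCJjbGllbnRJZCI6ImFiYyIsImV4cCI6MTUxMTIyNzAxNCwiaXNzIjoiY29tLmF2YWxhbnQuand0In0.'
    'UXR5LbqWruWy3rJur2Lx2E1nfI73JX3QBQXA4c2u2_CTSSzceRRMyziGevhtRe16AzAgZGKhny3PdfNltIT5Hw"}'
)


def new_client_id():
    """clientId is a random unique key generated by the client; 'C' + 8 chars is an assumed
    shape that mirrors the page's sample "C00292818", not a documented format."""
    return "C" + secrets.token_hex(4).upper()


def build_login_request(base_url, username, password, ldap_provider_url=""):
    """Step 1: prepare the POST login request with the body the page shows.
    Returns the prepared request and the body dict (the body holds the generated clientId)."""
    body = {
        "username": username,
        "password": password,
        "ldapproviderurl": ldap_provider_url,
        "clientId": new_client_id(),
    }
    req = Request(
        base_url + LOGIN_PATH,
        data=json.dumps(body).encode("utf-8"),
        headers={"Content-Type": "application/json"},
        method="POST",
    )
    return req, body


def parse_login_response(raw):
    """Step 3: read timestamp / validity / id_token and derive when the token stops being usable."""
    data = json.loads(raw)
    issued_at = int(data["timestamp"]) / 1000.0  # timestamp is epoch milliseconds
    validity = int(data["validity"])
    # The page's formula days = ((validity/3600)/24) treats validity as seconds: 86400 -> 1 day.
    return {
        "id_token": data["id_token"],
        "issued_at": issued_at,
        "expires_at": issued_at + validity,
        "validity_days": (validity / 3600) / 24,
    }


def peek_claims(id_token):
    """Decode the payload segment WITHOUT verifying the signature. Use it only to schedule a
    re-login; the client must never base an authorization decision on unverified claims."""
    payload_b64 = id_token.split(".")[1]
    payload_b64 += "=" * (-len(payload_b64) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload_b64))


def token_is_usable(session, now, skew=60):
    """Log in again a little before expiry so no request is sent with a token the server rejects."""
    return now < session["expires_at"] - skew


def authorized_request(base_url, path, session, method="GET"):
    """Step 4: every subsequent message carries id_token in the Authorization header.
    The page does not specify a scheme prefix (e.g. 'Bearer '), so the raw token is sent."""
    return Request(base_url + path, headers={"Authorization": session["id_token"]}, method=method)
```

The `skew` margin in `token_is_usable` exists because the client's clock and the server's clock are never exactly aligned; a token that the client believes has a minute left may already be rejected by the server's expiry check.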


  5. Server checks signature and expiry date

When the server receives a message from the client, it checks the signature and the expiry date of the token to validate the message. If the message is valid, the server continues processing the client's message. If it is invalid, the server rejects the request from that client.
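The server side of steps 2, 5 and 6, as an added example that is not ONEWEB's own code: it mints a token with the same claims the page's sample token carries (sub, clientId, exp, iss) and the HS512 algorithm named in that token's header, then validates an incoming request by checking the signature first and the expiry second, rejecting anything that fails. The signing key, the issuer string used as an expectation and the 401/200 status codes are assumptions; the page only says that invalid messages are rejected.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key: a real signing key lives only in the server's configuration.
DEMO_SECRET = b"constructed-demo-signing-key"
EXPECTED_ISSUER = "com.avalant.jwt"  # the iss claim carried by the page's sample token


class TokenError(Exception):
    """Raised for any reason the server should reject the request."""


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def mint_token(secret, subject, client_id, validity, now=None):
    """Step 2: build the payload and sign header.payload with HMAC-SHA512 (HS512)."""
    now = int(time.time()) if now is None else now
    header = b64url_encode(json.dumps({"alg": "HS512"}, separators=(",", ":")).encode())
    payload = b64url_encode(json.dumps(
        {"sub": subject, "clientId": client_id, "exp": now + validity, "iss": EXPECTED_ISSUER},
        separators=(",", ":")).encode())
    signing_input = header + "." + payload
    signature = hmac.new(secret, signing_input.encode("ascii"), hashlib.sha512).digest()
    return signing_input + "." + b64url_encode(signature)


def verify_token(token, secret, now=None, leeway=0):
    """Step 5: check the signature first, then the expiry; any failure raises TokenError."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if len(parts) != 3:
        raise TokenError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    try:
        header = json.loads(b64url_decode(header_b64))
        signature = b64url_decode(sig_b64)
    except ValueError:
        raise TokenError("malformed token")
    # The server pins the algorithm it issues; the token's own alg field never selects the verifier.
    if not isinstance(header, dict) or header.get("alg") != "HS512":
        raise TokenError("unexpected alg")
    expected = hmac.new(secret, (header_b64 + "." + payload_b64).encode("ascii"), hashlib.sha512).digest()
    if not hmac.compare_digest(expected, signature):  # constant-time comparison
        raise TokenError("bad signature")
    # Only after the signature holds is the payload trusted enough to be parsed.
    try:
        claims = json.loads(b64url_decode(payload_b64))
    except ValueError:
        raise TokenError("malformed payload")
    exp = claims.get("exp") if isinstance(claims, dict) else None
    if not isinstance(exp, int) or now > exp + leeway:
        raise TokenError("token expired")
    if claims.get("iss") != EXPECTED_ISSUER:
        raise TokenError("unexpected issuer")
    return claims


def handle_request(headers, secret, now=None):
    """Steps 5 and 6: returns (status, body). A rejected client gets 401 and no further processing."""
    token = headers.get("Authorization")
    if not token:
        return 401, {"error": "missing Authorization header"}
    try:
        claims = verify_token(token, secret, now=now)
    except TokenError as err:
        return 401, {"error": str(err)}
    return 200, {"user": claims["sub"], "clientId": claims.get("clientId")}
```

The order of checks matters: the signature is verified over the raw header and payload segments before either is interpreted, so a forged or altered payload is rejected before its contents can influence anything, and the expiry check then runs on claims that are known to have come from this server.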


  6. Send response to client

After the server has processed the request, it sends the response to the client.