Telekom ClaimBrand Claim

Authentication

Machine to machine authentication

Identify your account UID and secret

To use the API you must provide your account UID and secret in authentication request via Basic Auth. Your UID and secret can be found in the SMARTSSO Admin.

Authentication

For every machine to machine requests the client needs to authenticate through the SMARTSSO.

Endpoint:

GET https://id.smart.telekom-dienste.de/api/v1/auth/token

Response (JSON):

{

"token":"_jwt_token_"

}

This token is valid for 30 minutes and will be used for subsequent requests, the received token should be sent as bearer token in Authentication header.

Authentication header:

Authorization="Bearer _jwt_token_"

User behalf authentication

Some requests will need to be done in user’s behalf. For that, the user needs to authenticate first in the affiliate application using OAuth2 documented here.

The JWT token generated by SMARTSSO will be used for subsequent requests, the received token should be sent as bearer token in Authentication header.

Authentication header:

Authorization="Bearer _jwt_token_"

Create a user

Affiliate applications can invite users their application. When a user is created a membership between user and affiliate application is also created so the user will be able to log in the affiliate application with SSO. After the creation the user will receive an email with a link to define a password in the SSO provider.

Machine2Machine Token Flow Authentication
Endpoint:

POST https://id.smart.telekom-dienste.de/api/v1/users

Payload (JSON):

{

"user": {

"first_name": "First Name",

"last_name": "Last Name",

"email": "username@telekom.de"

}

}

Response:

{

"id": "uuid",

"first_name": "First Name",

"last_name": "Last Name",

"email": "username@telekom.de",

"errors": {}

}

Related Articles