Brand Claim
Brand Claim
The SMARTPORTAL API is based on a REST architecture which makes SMART API predictable and resource oriented. It uses HTTP built-in features, like HTTP authentication, HTTP verbs (GET, POST, PUT, PATCH, DELETE) and HTTP response codes to allow easy access from any programming language via off-the-shelf libraries and tools.
In order to set up an affiliate application on the SSO of the SMARTPORTAL follow these steps:
Depending on the settings, you may need to wait for account approval completion.
Depending on the settings you need to wait for activation
SMART_SSO_UID = your_client_id
SMART_SSO_SECRET = your_app_secret
You can only edit and view your own applications.
In order to set up an affiliate application on the SSO of the SMARTPORTAL follow these steps:
GET /oauth/authorize
| Param | Type | Description |
|---|---|---|
| client_id | string | Your client_ID in SMARTSSO. You can find it here: https://id.smart.telekom-dienste.de/oauth/applications |
| redirect_uri | string | Redirect URL after the user is signed in. Has to match with the callback URL in SMARTSSO. |
| response_type | string | code |
| Param | Type | Description |
|---|---|---|
| code | string | Token that will be used in following requests |
POST /oauth/token
| Param | Type | Description |
|---|---|---|
| client_id | string | Your client_ID in SMARTSSO. You can find it here: https://id.smart.telekom-dienste.de/oauth/applications |
| client_secret | string | Your client_Secret in SMARTSSO. You can find it here: https://id.smart.telekom-dienste.de/oauth/applications |
| code | string | Returns code received from the first request |
| redirect_uri | string | Redirect URL after the user is signed in. Has to match with the callback URL in SMARTSSO. |
| grant_type | string | Returns authorization_code |
| Param | Type | Description |
|---|---|---|
| access_token | string | JWT representing the logged in resource |
| token_type | string | "Bearer" |
| expires_in | integer | Time for expiration for the JWT in seconds |
| refresh_token | string | Use for requests after the expiration time has passed |
| scope | string | Possible options: "read", "write" |
| id | uuid | ID of the logged user |
| string | Email of the logged user | |
| first_name | string | First name of the logged user |
| last_name | string | Last name of the logged user |
| role | string | Role of the logged user (ex: “user”, “admin”) |
If you get any errors, please check the Errors section in the end.
When a request fails, the API returns an error message describing what went wrong. In this section you can read more about these errors and what are the possible solutions for each case.
The message received when a user has no access to the app is the following:
Sie haben noch keinen Zutritt zu APPLICATION_NAME. Bitte wenden Sie sich an smart-portal@telekom.de oder einen Administrator.
In this case, the user is asked to contact the service or an Admin in order to grant him access to the app.
When trying to authenticate via SSO, the Client UID needs to be correctly configured. The message that indicates a wrong UID is the following:
Client-Autorisierung MKIM ist fehlgeschlagen: Unbekannter Client, keine Autorisierung mitgeliefert oder Autorisierungsmethode nicht unterstützt.
The Client UID should be the one provided by Smart SSO.
When trying to authenticate via SSO, the redirect URI needs to be correctly configured. The message that indicates a wrong redirect URI is the following:
Der Redirect-URI in der Anfrage ist ungültig.
In this case, it means that the redirect uri sent does not match with the Callback URL set in the Smart SSO.
When setting the response, the params needs to be correct configured. The message that indicates a wrong type or params is the following:
Der Autorisierungs-Server unterstützt diesen Antwort-Typ nicht.
Remember that the response type should be set to ‘code’. This error message can also appear when you send wrong params in the GET request to ‘/oauth/authorize’.
Remember that all requests should be sent as https.