Authorization API
Endpoint is /sso/ttapi/2.0/authz/0/authn.
Function exchanges a valid SSO Token acquired via authentication at SSOCircle to an long lived authorization token used for API access.
Request(POST) | |||
Parameters | Type | Value | Description |
grant_type | Request parameter | urn:ssocircle:api:sessiontoken or password | the type of credentials submitted in the password parameter |
username | Request parameter | <userid>@<identifier> <identifier>: for public IDP is ssocircle for IDPee is <idpeename> sample username for user max in IDPee mycompany would be: max@mycompany. |
Parameter only required for password grant type. |
password | Request parameter | password/token string | valid SSO session token or password |
scope | Request parameter | SAML | optional |
Table 2
Sample request for urn:ssocircle:api:sessiontoken grant type:
POST https://idp.ssocircle.com/sso/ttapi/2.0/authz/0/authn HTTP/1.1
Host: idp.ssocircle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer nN42C7bQnqzeTZi11fhPWd6cUwOwA17uq+ol5OyIT2o7888xiIMi3udG61j+3PfrUpmOe2adK+5
Ql3L1oK056w==
Content-Type: application/json; charset=UTF-8
Content-Length: 246
grant_type=urn:ssocircle:api:sessiontoken&scope=SAML&password=
AQIC5wM2LY4Sfcy3ifL8vGYbzixe7rETt20fYIq3ZD3Or0s.*AAJTSQACMDIAAlNLABM4NTU1NzIwMDc5NjE3NDA1NjIxAAJTMQTZMDM.*
Sample request for password grant type:
POST https://idp.ssocircle.com/sso/ttapi/2.0/authz/0/authn
Host: idp.ssocircle.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:28.0) Gecko/20100101 Firefox/28.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Authorization: Bearer nN42C7bQnqzeTZi11fhPWd6cUwOwA17uq+ol5OyIT2o7888xiIMi3udG61j+3PfrUpmOe2adK+5
Ql3L1oK056w==
Content-Type: application/json; charset=UTF-8
Content-Length: 92
grant_type=password&scope=SAML&username=youruser@ssocircle&password=yourpw
Response | |||
Parameters | Type | Value | Description |
access_token | JSON | Authorization token used for API requests | Access token is valid for length of subscription or manual removal |
error | JSON | Error string | e.g. invalid_grant |
error_description | JSON | Error description | HTTP Return Codes |
200 | request successful | ||
400 | error as specified in the error description |
Table 3
Sample response:
200 OK
Server: "SSOCircle Web Server"
Date: Thu, 03 Apr 2014 13:47:20 GMT
Content-Length: 126
Content-Type: application/json;charset=UTF-8
Set-Cookie: SSOCTT=tT1e26d10e92aafd858a6ddb19097abea4b1246a577f7788885fb0ad505ee20e39e418c352108e
772a353e4f13670072b1d3ed1ba8bc5afdaf7973824228444df1351981daa024ba8b3e0eecafe3c00739e; Path=/
{"access_token":"nN42C7bQnqzeTZi11fhPWd6cUwOwTifuq+ol5OyIT2o7LABxiIMi3udG61j+3PfrUpmOe2adK+5Ql3L1oK056w=="}