Login

Authentication with the EasyClocking API is based on a JWT model. You first authenticate by calling the login endpoint with the company code, username and password. This information has to be sent in the Basic authorization header as the base64 encoding of the byte array of the string "companycode:user:password", in exactly this format and order (see the sample below). The access token is returned in the response header "X-AccessToken". You then need to send the token in the same "X-AccessToken" header on all other endpoint calls.



[C#]

using System;
using System.Linq;
using System.Net.Http;
using System.Net.Http.Headers;
using System.Text;
using System.Threading.Tasks;

public async Task<string> BasicAuthenticateDemoAsync(string companyCode, string username, string password)
{
    using (var client = new HttpClient())
    {
        // Basic credentials are the base64 of "companycode:user:password", in that order.
        var credentials = Convert.ToBase64String(Encoding.UTF8.GetBytes(string.Format("{0}:{1}:{2}", companyCode, username, password)));
        client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic", credentials);
        var res = await client.PostAsync("https://[Easylink_server]/api/sekureid/external/login", new StringContent(string.Empty));
        if (res.IsSuccessStatusCode)
        {
            // The access token is returned in the "X-AccessToken" response header.
            // TryGetValues matches the header name case-insensitively.
            if (res.Headers.TryGetValues("X-AccessToken", out var values))
            {
                return values.First();
            }
        }
        return string.Empty;
    }
}


A jQuery call would be as follows:


[JQUERY]
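$.ajax({
  type: 'POST',
  contentType: "application/json; charset=utf-8",
  // No dataType: the successful login response has an empty body.
  url: 'https://[Easylink_server]/api/sekureid/external/login',
  data: {},
  crossDomain: true,
  beforeSend: function(xhr) {
    // base64 of the UTF-8 bytes of "companycode:user:password"
    xhr.setRequestHeader('Authorization', 'Basic ' + window.btoa(unescape(encodeURIComponent(YOUR_COMPANY_CODE + ':' + YOUR_USERNAME + ':' + YOUR_PASSWORD))));
  },
  success: function(data, status, xhr) {
    // Cross-origin, this header is readable only if the server exposes it
    // through Access-Control-Expose-Headers.
    var token = xhr.getResponseHeader('X-AccessToken');
  }
});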

Successful Login Response

When the authentication call succeeds, it returns a valid token in the "X-AccessToken" header, and the body of the response should be empty. The lifetime of the token is 180 minutes; after that you must authenticate again to get a new token.

Each request after login must be accompanied by the token returned by the login endpoint:


                     
[C#]

public async Task<UserResultVM> GetUsersAsync(UserFilter filter, string token)
{
    // Note: the filter argument is not applied in this sample.
    using (var client = new HttpClient())
    {
        Uri uri = new Uri("https://[Easylink_server]/api/sekureid/external/User");
        // Every call after login carries the token in the "X-AccessToken" header.
        client.DefaultRequestHeaders.Add("X-AccessToken", token);
        var response = await client.GetAsync(uri);
        if (response.StatusCode == HttpStatusCode.OK)
        {
            var result = new UserResultVM();
            // Read the total count only when the header is present.
            if (response.Headers.TryGetValues("X-Total-Count", out var totals))
            {
                result.Users_total_count = Convert.ToInt32(totals.First());
            }
            result.Users = await response.Content.ReadAsAsync<List<UserVM>>();
            return result;
        }
        else
        {
            // Handle the response.StatusCode obtained; see all possible status codes in the endpoint description.
            throw new HttpResponseException(response.StatusCode);
        }
    }
}
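
The 180-minute token lifetime and the per-request "X-AccessToken" header can be handled in one place. The following Node.js sketch is an added example, not EasyClocking code: `TokenSession`, the injected `transport` function, the five-minute refresh margin and the rejection of ':' in the company code and username are all assumptions made for illustration.

```javascript
// Added example, not EasyClocking code. `transport` is a hypothetical function:
// (method, path, headers) => Promise<{ status, headers }> with lower-case header keys.
const TOKEN_LIFETIME_MS = 180 * 60 * 1000; // token lifetime stated on this page
const REFRESH_MARGIN_MS = 5 * 60 * 1000;   // assumption: renew five minutes early

function basicCredentials(companyCode, username, password) {
  // A ':' inside the first two fields would make "companycode:user:password" ambiguous.
  for (const field of [companyCode, username]) {
    if (field.includes(':')) throw new Error('company code and username must not contain ":"');
  }
  const raw = `${companyCode}:${username}:${password}`;
  return 'Basic ' + Buffer.from(raw, 'utf8').toString('base64');
}

class TokenSession {
  constructor(transport, creds, now = Date.now) {
    this.transport = transport;
    this.creds = creds;
    this.now = now;          // injectable clock so expiry can be tested
    this.token = null;
    this.obtainedAt = 0;
  }

  async login() {
    const { companyCode, username, password } = this.creds;
    const res = await this.transport('POST', '/api/sekureid/external/login',
      { Authorization: basicCredentials(companyCode, username, password) });
    const token = res.headers['x-accesstoken'];
    if (res.status < 200 || res.status >= 300 || !token) {
      this.token = null;     // never keep using a token after a failed login
      throw new Error('login failed with status ' + res.status);
    }
    this.token = token;
    this.obtainedAt = this.now();
    return token;
  }

  async getToken() {
    const age = this.now() - this.obtainedAt;
    if (!this.token || age >= TOKEN_LIFETIME_MS - REFRESH_MARGIN_MS) await this.login();
    return this.token;
  }

  // Every call other than login carries the token in the X-AccessToken header.
  async request(method, path) {
    return this.transport(method, path, { 'X-AccessToken': await this.getToken() });
  }
}
```

Keeping the credentials and token inside one object also means the password is sent only on the login call, never on data requests.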
        

Token scope

The access token has the same scope as the logged-in user. EasyClocking has 3 levels of users: basic users, who only have access to their own data; Managers, who can have access to certain Locations and Departments and some previously set up privileges; and Admins, who have full access. This means that if somebody logs in and obtains a token with a manager's credentials, and the Users endpoint is then called with that token to get all users, the system will only respond with the users corresponding to the manager's location and department privileges.