Authentication options
Basic authentication
To call the RESTful services directly with a REST client, each request must be authenticated. Basic authentication is used for this:
Set the Authorization field in the header of the HTTP request.
The field carries the credentials of the API user, encoded with Base64, in this form: Authorization: Basic base64(User:Password).
The SingleKey ID cannot be used at API level. An API user must be created; refer to Creating an API user or Creating an API user via API.
We recommend using preemptive authentication. That way, the Basic authentication credentials are sent before the server returns an unauthorized response. Also refer to the Apache documentation.
The following example shows an authorization header for the credentials foo:bar.
...
Authorization: Basic Zm9vOmJhcg==
...
OAuth via Azure Active Directory
You can use an OAuth bearer token provided by Microsoft Azure AD to access the Bosch IoT Insights API.
The API requires a token for the scope of Bosch IoT Insights: api://bosch-iot-insights-prod/access
To request a token with this scope, you need an App Registration in the Bosch tenant of Azure Active Directory. Your App needs to be authorized to request the scope of Bosch IoT Insights. You can request this authorization from the Bosch IoT Insights support by providing your Client ID.
There are different possibilities to acquire a token, e.g.:
The resulting JWT will have a payload as follows:
{
  "aud": "a9812fa5-5f4f-45d1-940f-c60e80e26178",
  "iss": "https://login.microsoftonline.com/0ae51e19-07c8-4e4b-bb6d-648ee58410f4/v2.0",
  "scp": "access",
  ....
}
0ae51e19-07c8-4e4b-bb6d-648ee58410f4 refers to the Bosch tenant ID, and a9812fa5-5f4f-45d1-940f-c60e80e26178 is the application ID of insights-api-prod.
Note that the bearer token is set to expire and needs to be refreshed.
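As an added example (not part of the Bosch documentation), the following Python code checks an acquired token's payload against the aud, iss and scp values shown above and flags a token that is expired or close to expiry, so it can be refreshed before a call fails. It decodes the payload without verifying the signature, so it is a client-side pre-flight check only; the function names, the 300-second refresh margin and the sample token builder are assumptions made for this example.

```python
import base64
import json
import time

# Values quoted on this page for the Bosch tenant and insights-api-prod.
EXPECTED_AUD = "a9812fa5-5f4f-45d1-940f-c60e80e26178"
EXPECTED_ISS = "https://login.microsoftonline.com/0ae51e19-07c8-4e4b-bb6d-648ee58410f4/v2.0"
EXPECTED_SCP = "access"


def decode_payload(token):
    """Return the JWT payload as a dict. The signature is NOT verified."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    # JWT segments are base64url without padding; restore it before decoding.
    segment = parts[1]
    return json.loads(base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4)))


def preflight(token, now=None, refresh_margin=300):
    """Return a list of problems; an empty list means the token looks usable."""
    now = time.time() if now is None else now
    claims = decode_payload(token)
    problems = []
    if claims.get("aud") != EXPECTED_AUD:
        problems.append("aud is not insights-api-prod")
    if claims.get("iss") != EXPECTED_ISS:
        problems.append("iss is not the Bosch tenant")
    # Azure AD puts delegated scopes in scp as a space-separated string.
    if EXPECTED_SCP not in str(claims.get("scp", "")).split():
        problems.append("scp lacks 'access'")
    exp = claims.get("exp")  # standard JWT expiry, seconds since the epoch
    if not isinstance(exp, (int, float)):
        problems.append("exp missing")
    elif exp - now <= refresh_margin:
        problems.append("expired or inside refresh margin")
    return problems


def make_sample_token(claims):
    """Build a constructed, unsigned sample token (not a real Azure AD token)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + ".sig"
```

Call preflight(token) right after acquiring a token and again before each batch of API requests; a non-empty result means the token should be re-acquired or the App Registration's authorization checked.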
OAuth via Custom IDP
You can configure a custom identity provider (IDP) within your project to access project-specific REST APIs.
See: Custom Identity Provider (IDP) Authentication