Encedo HEM API Developer Manual
  • Welcome!
  • Preliminary
    • Quick Start
    • General information
  • Security
    • Report an issue
    • Advisory
      • Hall of fame
  • Reference
    • API Reference
      • System
        • Version & Status
        • Checkin
        • Configuration
        • Upgrade
          • Firmware
            • Low level USB mode
          • Management app
        • Self-test
        • Reboot
        • Shutdown
      • Authorization
        • Initialization
        • User authentication
        • External authenticator
          • Registration
          • Authentication
      • Key Management
        • Create a key
        • Derive a key
        • Import a key
        • Update a key
        • Delete a key
        • Get a public key
        • List the keys
        • Search a key
      • Cryptography operations
        • HMAC
        • ExDSA
        • ECDH
        • Encryption
          • Encryption/Decryption
          • Wrap/Unwrap
      • Audit log
      • Storage
Powered by GitBook
On this page
  • Get a challenge
  • Post authentication data
  1. Reference
  2. API Reference
  3. Authorization
  4. External authenticator

Authentication

Those endpoints allow to authenticate based by External Authenticator.

These two endpoints are wide open and do not need any authorization data.

Phase 1 - challenge

Get a challenge

POST https://my.ence.do/api/auth/ext/request

Get an authentication request data to challenge the external authenticator.

Headers

Name
Type
Description

Content-Type*

String

application/json

Request Body

Name
Type
Description

epk*

String

Broker ephemeral public key

scope*

String

Requested access scope

exp*

Number

Requested lifetime of the token

{
  "authreq": "eyJlY2RoIjoieDI1NTE5IiwidHlwIjoiSldUIiwiYWxnIjoiSFMyNTYifQ.eyJpc3MiOiJmZjYvcnBncHJ3Nk9qY1BiZWRJQjVMYnN4alpxbW5mNDNKMXplSzF4ODJJPSIsImF1ZCI6Ik56bzNtUlpmN3YwRGhpN2dobkdPY3R0Qk42SFJqVGRhUG4vc1hhc3k3alU9IiwiaWF0IjoxNjQ3ODcxMTE3LCJleHAiOjE2NDc4NzQ3MTcsImp0aSI6ImpZUTRZdU0vUWJydEdvRElRdUNTUW1zdjdNek9sNytKM3ExRjdYM25CN2s9Iiwic2NvcGUiOnsiTC9EenNjUXJ0dGo4S0Y4QTE1WjFVbkJwaXdjTUdudXZTRy94cUlwOXI0UT0iOiJBL3loTmp2ZldFOGdOMU5FSElSR1hEVFFpeVdENlY4YzRyL0o3dCtDOE1nWUxpT3Y2SEpXUWplbmJueFU3aGZkRCJ9fQ.yiE_kG3FA4h-2MXO3r00WyS1ScbHijR6VBdNxKz1uTI",
  "epk": "Nzo3mRZf7v0Dhi7ghnGOcttBN6HRjTdaPn/sXasy7jU="
}

Response data for successful operation

Name
Type
Description

authreq

String

Authentication request

epk

String

Broker ephemeral public key

Phase 2 - response

Post authentication data

POST https://my.ence.do/api/auth/ext/token

Post authentication data signed by an external authenticator.

Headers

Name
Type
Description

Content-Type*

String

application/json

Request Body

Name
Type
Description

authreply*

String

Authentication data to be validated by the device

{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJzY29wZSI6ImtleW1nbXQ6bGlzdCIsInN1YiI6IlFxL0VHZHZhY21Ock42SkZXVlhnbFE9PSIsImlhdCI6MTY0Nzg3MTEyMiwiZXhwIjoxNjQ3ODcyMDIwLCJqdGkiOiJrb1E0WXNDZjNMNGlUcmwycHk2Zzd0M2p2Vjlwd3dzSXI2Ly9GOTZPZllJPSJ9.u7lVd5B6CZxmM3Sch9HVBa5-MRadhDlNnCaCTeBq2DY"
}

Response data for successful operation

Name
Type
Description

token

String

JWT access token (refered as JWT_TOKEN)

Log entries

Event
Result
Source

LOG_TYPE_AUTH_SUCCESS_EXTERNAL

LOG_RESULT_OK

200

PreviousRegistrationNextKey Management

Last updated 3 years ago