The user is the person who logs in to the Synerise Application. They can have access to one or more workspaces, with different permissions in each profile. After a user logs in, they must choose a workspace to work with.
Users may be required to log in using multi-factor authentication.
Logging in as a user
API reference available here.
To log in as a user, you need the username and the password.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "user@synerise.com",
"password": "strongPassword"
}'The response includes:
- JSON Web Token (JWT) needed to authorize when selecting a workspace or modifying user data. This token cannot be used to perform operations within a workspace.
- Information about the multi-factor authentication method
- Information about the user. Note that no workspace is selected, the user has no permissions (authorities) and no roles.
{ // JWT "token": "eyJhbGciOiJinvalidXyw0TAc", // User info "consumer": { "type": "USER", "businessProfileId": null, "name": "user@synerise.com", "id": 12345, "authorities": [], "roles": "-2", "type": "USER" }, // multi-factor authentication method, if required "mfaMethods": [ "TOTP_AUTHENTICATOR" ] } - If
mfaMethodsis not empty, you must confirm the multi-factor authentication. - If
mfaMethodsis empty, select a workspace.
Confirming multi-factor authentication
API reference available here.
After a user logs on, they don't need to enter the authentication code on the same device for 8 hours.
You need the JWT obtained from the login request and a token from your authentication app.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user/mfa/verification?mfaType=TOTP_AUTHENTICATOR' \
--header 'Authorization: Bearer eyJhbG...2KIh6IU' \
--header 'Content-Type: application/json' \
--data-raw '{
"verificationCode": "938538"
}'The response is the same as in the login endpoint.
Proceed to workspace selection.
Workspace selection
After authentication, a user must select a workspace to work in.
Checking available workspaces
API reference available here.
You need a JWT obtained from logging in; multi-factor authentication (if enabled); or with a workspace already selected (when switching between profiles).
The following request checks the workspaces available to a user:
curl --location --request \
GET 'https://{SYNERISE_API_BASE_PATH}/uauth/business-profile/' \
--header 'Authorization: Bearer eyJhbGciOiJSUz...qDTl72iqwIji4'The response is an array of workspaces available to a user. The UUID is stored in the businessProfileGuid field.
[
{
"id": 48,
"name": "Sample Profile",
"logo": "https://synerise.com/sample.png",
"businessProfileGuid": "01234abc-1234-5678-9abc-def012345678",
"created": "2020-07-21T12:41:59Z",
"subdomain": "sample-profile",
"ipRestricted": false,
"mfaRequired": true
}
]Selecting a workspace
API reference available here.
You need:
- a JWT obtained from logging in; multi-factor authentication (if enabled); or with a workspace already selected (when switching between profiles).
- the UUID of the workspace
The response includes:curl --location --request \ POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user/profile/01234abc-1234-5678-9abc-def012345678' \ --header 'Authorization: Bearer eyJh...d886bpyWWZKvQESsM8cUYWuVqfSI' - JWT needed to perform operations as a user within a workspace (most operations performed as Synerise User require this token)
- Information about the user and their authorities (permissions) in the workspace. These permissions correspond to the ones listed as required in the API reference.
{ "token": "eyJhbGciOiJSU...tIarjyXFFCv_Ek6M", "consumer": { "type": "USER", "businessProfileId": 48, "name": "user@synerise.com", "id": 12345, "authorities": [ "ROLE_ADMIN_EDITUSER", "ROLE_ANALYTICS_SHOW", "ROLE_API_ADD", "ROLE_API_CREATE", "ROLE_API_DELETE", ... ], "roles": "16", "type": "USER" } }