Synerise user authorization
The user is the person who logs in to the Synerise Application. They can have access to one or more workspaces, with different permissions in each profile. After a user logs in, they must choose a workspace to work with.
Users may be required to log in using multi-factor authentication.
Logging in as a user
API reference available here.
To log in as a user, you need the username and the password.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "user@synerise.com",
"password": "strongPassword"
}'
The response includes:
- JSON Web Token (JWT) needed to authorize when selecting a workspace or modifying user data. This token cannot be used to perform operations within a workspace.
- Information about the multi-factor authentication method
- Information about the user. Note that no workspace is selected, and the user has no permissions (authorities) and no roles.
{
// JWT
"token": "eyJhbGciOiJinvalidXyw0TAc",
// User info
"consumer": {
"type": "USER",
"businessProfileId": null,
"name": "user@synerise.com",
"id": 12345,
"authorities": [],
"roles": "-2",
"type": "USER"
},
// multi-factor authentication method, if required
"mfaMethods": [
"TOTP_AUTHENTICATOR"
]
}
- If mfaMethods is not empty, you must confirm the multi-factor authentication.
- If mfaMethods is empty, select a workspace.
Confirming multi-factor authentication
API reference available here.
You need the JWT obtained from the login request and a token from your authentication app.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user/mfa/verification?mfaType=TOTP_AUTHENTICATOR' \
--header 'Authorization: Bearer eyJhbG...2KIh6IU' \
--header 'Content-Type: application/json' \
--data-raw '{
"verificationCode": "938538"
}'
The response is the same as in the login endpoint.
Proceed to workspace selection.
Workspace selection
After authentication, a user must select a workspace to work in.
Checking available workspaces
API reference available here.
You need a JWT obtained from logging in, from confirming multi-factor authentication (if enabled), or from selecting a workspace (when switching between profiles).
The following request checks the workspaces available to a user:
curl --location --request \
GET 'https://{SYNERISE_API_BASE_PATH}/uauth/business-profile/' \
--header 'Authorization: Bearer eyJhbGciOiJSUz...qDTl72iqwIji4'
The response is an array of workspaces available to a user. The UUID is stored in the businessProfileGuid field.
[
{
"id": 48,
"name": "Sample Profile",
"logo": "https://synerise.com/sample.png",
"businessProfileGuid": "01234abc-1234-5678-9abc-def012345678",
"created": "2020-07-21T12:41:59Z",
"subdomain": "sample-profile",
"ipRestricted": false,
"mfaRequired": true
}
]
Selecting a workspace
API reference available here.
You need:
- a JWT obtained from logging in, from confirming multi-factor authentication (if enabled), or from selecting a workspace (when switching between profiles)
- the UUID of the workspace
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user/profile/01234abc-1234-5678-9abc-def012345678' \
--header 'Authorization: Bearer eyJh...d886bpyWWZKvQESsM8cUYWuVqfSI'
The response includes:
- JWT needed to perform operations as a user within a workspace (most operations performed as Synerise User require this token)
- Information about the user and their authorities (permissions) in the workspace. These permissions correspond to the ones listed as required in the API reference.
{
"token": "eyJhbGciOiJSU...tIarjyXFFCv_Ek6M",
"consumer": {
"type": "USER",
"businessProfileId": 48,
"name": "user@synerise.com",
"id": 12345,
"authorities": [
"ROLE_ADMIN_EDITUSER",
"ROLE_ANALYTICS_SHOW",
"ROLE_API_ADD",
"ROLE_API_CREATE",
"ROLE_API_DELETE",
...
],
"roles": "16",
"type": "USER"
}
}
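The whole sequence above (login, MFA confirmation when mfaMethods is not empty, workspace listing, workspace selection) as one client function. This is an added example, not Synerise code: workspace_login, http_send, get_totp and the send parameter are hypothetical names, and the final check assumes, from the sample responses, that businessProfileId in the selection response equals the id of the chosen workspace.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://{SYNERISE_API_BASE_PATH}"  # placeholder from the page; set your API host


def http_send(method, path, token=None, body=None):
    """Default transport: send one JSON request, return the parsed JSON response."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(BASE + path, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def workspace_login(username, password, workspace_guid, get_totp, send=http_send):
    """Login -> MFA (if required) -> workspace selection. Returns the final response."""
    session = send("POST", "/uauth/auth/login/user",
                   body={"username": username, "password": password})
    methods = session.get("mfaMethods") or []
    if methods:
        # Assumption: confirm with the first listed method (the page shows one).
        path = ("/uauth/auth/login/user/mfa/verification?mfaType="
                + urllib.parse.quote(methods[0]))
        session = send("POST", path, token=session["token"],
                       body={"verificationCode": get_totp()})
    # This token only authorizes workspace selection and user-data changes.
    workspaces = send("GET", "/uauth/business-profile/", token=session["token"])
    match = next((w for w in workspaces
                  if w["businessProfileGuid"] == workspace_guid), None)
    if match is None:
        raise PermissionError("workspace is not available to this user")
    scoped = send("POST", "/uauth/auth/login/user/profile/"
                  + urllib.parse.quote(workspace_guid), token=session["token"])
    # Assumption from the sample responses: businessProfileId equals the workspace id.
    if scoped["consumer"].get("businessProfileId") != match["id"]:
        raise RuntimeError("returned token is not scoped to the requested workspace")
    return scoped
```

Passing a stub as send lets the flow be exercised offline; get_totp is only called when the login response lists an MFA method.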