Synerise user authorization
The user is the person who logs in to the Synerise Application. They can have access to one or more business profiles, with different permissions in each profile. After a user logs in, they must choose a business profile to work with.
Users may be required to log in using multi-factor authentication.
Logging in as a user
API reference available here.
To log in as a user, you need the username and the password.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user' \
--header 'Content-Type: application/json' \
--data-raw '{
"username": "user@synerise.com",
"password": "strongPassword"
}'
The response includes:
- JSON Web Token (JWT) needed to authorize when selecting a business profile or modifying user data. This token cannot be used to perform operations within a business profile.
- Information about the multi-factor authentication method
- Information about the user. Note that no business profile is selected yet: the user has no permissions (authorities) and no roles.
{
// JWT
"token": "eyJhbGciOiJinvalidXyw0TAc",
// User info
"consumer": {
"type": "USER",
"businessProfileId": null,
"name": "user@synerise.com",
"id": 12345,
"authorities": [],
"roles": "-2",
"type": "USER"
},
// multi-factor authentication method, if required
"mfaMethods": [
"TOTP_AUTHENTICATOR"
]
}
- If mfaMethods is not empty, you must confirm the multi-factor authentication.
- If mfaMethods is empty, select a business profile.
Confirming multi-factor authentication
API reference available here.
You need the JWT obtained from the login request and a token from your authentication app.
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user/mfa/verification?mfaType=TOTP_AUTHENTICATOR' \
--header 'Authorization: Bearer eyJhbG...2KIh6IU' \
--header 'Content-Type: application/json' \
--data-raw '{
"verificationCode": "938538"
}'
The response is the same as in the login endpoint.
Proceed to business profile selection.
Business profile selection
After authentication, a user must select a business profile to work in.
Checking available business profiles
API reference available here.
You need a JWT obtained in one of these ways: by logging in, by confirming multi-factor authentication (if enabled), or by selecting a business profile (when switching between profiles).
The following request checks the business profiles available to a user:
curl --location --request \
GET 'https://{SYNERISE_API_BASE_PATH}/uauth/business-profile/' \
--header 'Authorization: Bearer eyJhbGciOiJSUz...qDTl72iqwIji4'
The response is an array of business profiles available to a user. The UUID is stored in the businessProfileGuid field.
[
{
"id": 48,
"name": "Sample Profile",
"logo": "https://synerise.com/sample.png",
"businessProfileGuid": "01234abc-1234-5678-9abc-def012345678",
"created": "2020-07-21T12:41:59Z",
"subdomain": "sample-profile",
"ipRestricted": false,
"mfaRequired": true
}
]
Selecting a business profile
API reference available here.
You need:
- a JWT obtained by logging in, by confirming multi-factor authentication (if enabled), or by selecting a business profile (when switching between profiles)
- the UUID of the business profile
curl --location --request \
POST 'https://{SYNERISE_API_BASE_PATH}/uauth/auth/login/user/profile/01234abc-1234-5678-9abc-def012345678' \
--header 'Authorization: Bearer eyJh...d886bpyWWZKvQESsM8cUYWuVqfSI'
The response includes:
- JWT needed to perform operations as a user within a business profile (most operations performed as a Synerise user require this token)
- Information about the user and their authorities (permissions) in the business profile. These permissions correspond to the ones listed as required in the API reference.
{
"token": "eyJhbGciOiJSU...tIarjyXFFCv_Ek6M",
"consumer": {
"type": "USER",
"businessProfileId": 48,
"name": "user@synerise.com",
"id": 12345,
"authorities": [
"ROLE_ADMIN_EDITUSER",
"ROLE_ANALYTICS_SHOW",
"ROLE_API_ADD",
"ROLE_API_CREATE",
"ROLE_API_DELETE",
...
],
"roles": "16",
"type": "USER"
}
}
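The complete sequence described on this page (login, MFA confirmation when mfaMethods is not empty, profile listing, profile selection) as one client function. This is an added example, not Synerise code. The names http_json, login_to_profile, get_totp and send are hypothetical, base is assumed to be the scheme and host of the API, and the final scope check assumes that consumer.businessProfileId equals the profile's id, as in the sample responses above.

```python
import json
import urllib.request
import uuid

def http_json(method, url, token=None, body=None):
    """Send one request over HTTPS and return the decoded JSON response."""
    headers = {}
    if token:
        headers["Authorization"] = "Bearer " + token
    data = None
    if body is not None:
        headers["Content-Type"] = "application/json"
        data = json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def login_to_profile(base, username, password, profile_guid, get_totp, send=http_json):
    """Log in, confirm MFA if required, then select one business profile."""
    # Reject anything that is not a UUID before it is placed in a URL path.
    guid = str(uuid.UUID(profile_guid))
    auth = send("POST", f"{base}/uauth/auth/login/user",
                body={"username": username, "password": password})
    methods = auth.get("mfaMethods") or []
    if methods:
        # Only the method shown on the page is handled; anything else fails closed.
        if "TOTP_AUTHENTICATOR" not in methods:
            raise RuntimeError(f"unsupported MFA methods: {methods}")
        auth = send("POST", f"{base}/uauth/auth/login/user/mfa/verification"
                            "?mfaType=TOTP_AUTHENTICATOR",
                    token=auth["token"], body={"verificationCode": get_totp()})
    # The pre-profile token is only used for listing and selecting profiles.
    profiles = send("GET", f"{base}/uauth/business-profile/", token=auth["token"])
    chosen = next((p for p in profiles
                   if p["businessProfileGuid"].lower() == guid), None)
    if chosen is None:
        raise PermissionError("business profile is not available to this user")
    session = send("POST", f"{base}/uauth/auth/login/user/profile/{guid}",
                   token=auth["token"])
    # Assumption: businessProfileId matches the profile "id", as in the samples.
    if session["consumer"]["businessProfileId"] != chosen["id"]:
        raise RuntimeError("token is not scoped to the requested business profile")
    return session
```

Passing a different send callable lets the flow be exercised against recorded responses without network access.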