Synerise user authorization

The user is the person who logs in to the Synerise Application. They can have access to one or more business profiles, with different permissions in each profile. After a user logs in, they must choose a business profile to work with.

Users may be required to log in using multi-factor authentication.

Logging in as a user

API reference available here.

To log in as a user, you need the username and the password.

curl --location --request POST 'https://api.synerise.com/uauth/auth/login/user' \
--header 'Content-Type: application/json' \
--data-raw '{
    "username": "user@synerise.com",
    "password": "strongPassword"
}'

The response includes:

  • JSON Web Token (JWT) needed to authorize when selecting a business profile or modifying user data. This token cannot be used to perform operations within a business profile.
  • Information about the multi-factor authentication method
  • Information about the user. Note that no business profile is selected, and the user has no permissions (authorities) and no roles.

{
    // JWT
    "token": "eyJhbGciOiJinvalidXyw0TAc",
    // User info
    "consumer": {
        "type": "USER",
        "businessProfileId": null,
        "name": "user@synerise.com",
        "id": 12345,
        "authorities": [],
        "roles": "-2"
    },
    // multi-factor authentication method, if required
    "mfaMethods": [
        "TOTP_AUTHENTICATOR"
    ]
}

If mfaMethods is not empty, you need to confirm the multi-factor authentication.

Confirming multi-factor authentication

API reference available here.

You need the JWT obtained from the login request and a token from your authentication app.

curl --location --request POST 'https://api.synerise.com/uauth/auth/login/user/mfa/verification?mfaType=TOTP_AUTHENTICATOR' \
--header 'Authorization: Bearer eyJhbG...2KIh6IU' \
--header 'Content-Type: application/json' \
--data-raw '{
    "verificationCode": "938538"
}'

The response is the same as in the login endpoint.

Business profile selection

Checking available business profiles

API reference available here.

You need a JWT obtained from one of the following: logging in, confirming multi-factor authentication (if enabled), or selecting a business profile (when switching between profiles).

The following request checks the business profiles available to a user:

curl --location --request GET 'https://api.synerise.com/uauth/business-profile/' \
--header 'Authorization: Bearer eyJhbGciOiJSUz...qDTl72iqwIji4'

The response is an array of business profiles available to a user. The UUID is stored in the businessProfileGuid field.

[
    {
        "id": 48,
        "name": "Sample Profile",
        "logo": "https://synerise.com/sample.png",
        "businessProfileGuid": "01234abc-1234-5678-9abc-def012345678",
        "created": "2020-07-21T12:41:59Z",
        "subdomain": "sample-profile",
        "ipRestricted": false,
        "mfaRequired": true
    }
]

Selecting a business profile

API reference available here.

You need:

curl --location --request POST 'https://api.synerise.com/uauth/auth/login/user/profile/01234abc-1234-5678-9abc-def012345678' \
--header 'Authorization: Bearer eyJh...d886bpyWWZKvQESsM8cUYWuVqfSI'

The response includes:

  • JWT needed to perform operations as a user within a business profile (most operations performed as Synerise User require this token)
  • Information about the user and their authorities (permissions) in the business profile. These permissions correspond to the ones listed as required in the API reference.

{
    "token": "eyJhbGciOiJSU...tIarjyXFFCv_Ek6M",
    "consumer": {
        "type": "USER",
        "businessProfileId": 48,
        "name": "user@synerise.com",
        "id": 12345,
        "authorities": [
            "ROLE_ADMIN_EDITUSER",
            "ROLE_ANALYTICS_SHOW",
            "ROLE_API_ADD",
            "ROLE_API_CREATE",
            "ROLE_API_DELETE",
            ...
        ],
        "roles": "16"
    }
}
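
The complete flow from this page (login, MFA confirmation when mfaMethods is not empty, profile listing, profile selection) as an added Python example; it is not Synerise's own code. The helper names (`http_send`, `open_profile_session`, `missing_authorities`, `get_code`) are hypothetical, and the check that `consumer.businessProfileId` equals the selected profile's `id` is an assumption based on the sample responses above, where both are 48.

```python
import json
import urllib.request

BASE = "https://api.synerise.com/uauth"  # base of the endpoints shown on this page

def http_send(method, path, token=None, body=None):
    """Default transport: send one JSON request, return the decoded JSON response."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(BASE + path, data=data, headers=headers, method=method)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

def open_profile_session(username, password, profile_guid, get_code, send=http_send):
    """Log in, confirm MFA when asked, select a profile; return the final response."""
    resp = send("POST", "/auth/login/user",
                body={"username": username, "password": password})
    methods = resp.get("mfaMethods") or []
    if methods:
        # Non-empty mfaMethods: confirm the login JWT with a one-time code.
        resp = send("POST", "/auth/login/user/mfa/verification?mfaType=" + methods[0],
                    token=resp["token"],
                    body={"verificationCode": get_code(methods[0])})
    # This JWT only lists and selects profiles; it carries no authorities.
    profiles = send("GET", "/business-profile/", token=resp["token"])
    chosen = next((p for p in profiles
                   if p["businessProfileGuid"] == profile_guid), None)
    if chosen is None:
        raise PermissionError("profile not available to this user: " + profile_guid)
    session = send("POST", "/auth/login/user/profile/" + profile_guid,
                   token=resp["token"])
    # Assumption: businessProfileId matches the profile's "id" (48 in both samples).
    if session["consumer"]["businessProfileId"] != chosen["id"]:
        raise RuntimeError("token is scoped to an unexpected business profile")
    return session

def missing_authorities(session, required):
    """Return the required permissions that the profile-scoped token lacks."""
    return sorted(set(required) - set(session["consumer"]["authorities"]))
```

Calling `missing_authorities` before an operation shows which of the permissions listed as required in the API reference the selected profile did not grant, so the caller can stop instead of sending a request that will be rejected.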