Authentication

The Sentinel EMS REST API supports the following authentication standards: OAuth 2.0 and Basic Authentication.

OAuth 2.0

The OAuth 2.0 framework enables end users of an application to grant third-party applications limited access to their protected resources, such as user data or functionality, without sharing their end user credentials, such as user names and passwords.

An OAuth client refers to an application or service that can make requests for protected resources on behalf of the resource owner after the resource owner grants authorization. There are two types of OAuth clients: confidential and public. Confidential clients are registered with a client secret, while public clients are not.

An OAuth grant type determines how an application obtains an access token to access protected resources. Sentinel EMS uses the following OAuth grant types:

- Client Credentials: Use this grant type for the confidential client type. It is used for server-to-server communication, where the client application sends its own credentials (client ID and client secret) to generate an access token. This is done in the back end on behalf of the client application without user intervention. This grant type does not involve user authentication or authorization.

- Authorization Code: Available for both the confidential client type and the public client type. It is used primarily for server-side web applications and involves generating an access token using an authorization code. Authorization Code with PKCE can be used for public clients, such as single-page applications and on-premises applications.

For more information about OAuth clients and grant types, refer to the Sentinel EMS User Guide.

Basic Authentication

When using the HTTP Basic Authentication standard, you must specify the user name and password in each API call. This is done by using the Authorization header of the request, in the following manner:

1. The user name and password are combined into a single string of the form username:password. User names and passwords that contain a colon character (:) are not supported.

2. The resulting string literal is encoded using Base64.

3. The authentication method Basic, along with a space, is put before the encoded string.

For example, if the user agent uses admin as the user name and admin123 as the password, the Authorization header is formed as follows:

Authorization: Basic YWRtaW46YWRtaW4xMjM=

Sentinel EMS supports Basic Authentication for all login types, in the following format:

| Login Type | Login Credentials (username:password) | Example |
|---|---|---|
| Vendor User Login | Use the vendor's user ID and its respective password. Format: [vendor_user_Id]:[vendor_password] | admin:admin123 |
| Partner User Login | Use the actual partner user ID with the prefix "partner-" as the user name. Format: partner-[partner_user_Id]:[partner_password] | partner-partneruser:test123 |
| Customer User Login | | |
| User Login | Use the user's e-mail address with the prefix "endUser-" as the user name. NOTE: The prefix "endUser-" is case-sensitive. Format: endUser-[contact_email_address]:[contact_password] | endUser-abc@xyz.com:abc123 |
| PKID Login | Use "pkId" as the username, and the actual Product Key as the password. NOTE: The username "pkId" is case-sensitive. Format: pkId:[product_key] | pkId:12AJD-6ED7SS |
| EID Login | Use "eId" as the username, and the actual Entitlement ID as the password. NOTE: The username "eId" is case-sensitive. Format: eId:[entitlement_Id] | eId:3221AS-85343A |
| Service Account | Use the user ID and its respective password. Format: [service_account_user_Id]:[service_account_password] | testuser:testpassword123 |
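
The three header-building steps and the login-type formats above can be combined into one helper, shown here as an added example that is not part of the Sentinel EMS documentation. The function names, the login-type keys (vendor, partner, customer, pkid, eid, service) and the UTF-8 encoding are assumptions made for illustration.

```python
import base64

# Hypothetical keys mapped to the user-name prefixes and fixed user names
# given in the login-type list above (both are case-sensitive).
PREFIXES = {"vendor": "", "partner": "partner-", "customer": "endUser-", "service": ""}
FIXED_USERS = {"pkid": "pkId", "eid": "eId"}


def basic_auth_header(login_type, secret, identity=None):
    """Return the Authorization header value for one login type.

    identity is the user ID or e-mail address; it is ignored for pkid/eid,
    where the user name is a fixed literal and secret is the key or ID.
    """
    if login_type in FIXED_USERS:
        username = FIXED_USERS[login_type]
    elif login_type in PREFIXES:
        if not identity:
            raise ValueError("identity is required for this login type")
        username = PREFIXES[login_type] + identity
    else:
        raise ValueError(f"unknown login type: {login_type!r}")
    # Step 1 restriction: a colon in either part makes the pair ambiguous.
    if ":" in username or ":" in secret:
        raise ValueError("colon is not supported in user names or passwords")
    # Steps 2 and 3: Base64-encode (UTF-8 assumed), then prepend "Basic ".
    token = base64.b64encode(f"{username}:{secret}".encode("utf-8"))
    return "Basic " + token.decode("ascii")


def decode_basic_auth(header_value):
    """Recover (username, password) from a header value.

    Base64 is an encoding, not encryption: the header exposes the
    credentials, so send it only over TLS and keep it out of logs.
    """
    scheme, _, token = header_value.partition(" ")
    if scheme != "Basic":
        raise ValueError("not a Basic Authorization header")
    raw = base64.b64decode(token, validate=True).decode("utf-8")
    username, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("decoded value has no colon separator")
    return username, password


if __name__ == "__main__":
    print(basic_auth_header("vendor", "admin123", "admin"))
    print(decode_basic_auth("Basic YWRtaW46YWRtaW4xMjM="))
```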