The EAF-REST API provides a powerful, convenient, and simple Web services API for interacting with ONEWEB 4.0 for standard CRUD operations on the database. This feature uses JWT (JSON Web Token) for security. The client can connect to a server and send and receive data in JSON (JavaScript Object Notation) format. All requests from the client should send the "Authorization" parameter in the header. See below for the steps to connect to the server.
Request login
As the first step, the client logs in to the server with user information. EAF-REST provides the login service at the URL "http://[IP Address]:[Port]/eaf-rest/login". The client connects using the POST method and sends user information like this
Note: "clientId" is a randomly generated unique key from the client.
Server creates token
The server creates the payload information and generates a token.
Return token to the client
The client receives a message from the server. For example, see the message below.
timestamp: the date and time at which the server generated the token.
validity: the age of the token in milliseconds when the server returns the token to the client. The token's expiry is calculated from timestamp and validity: days = ((validity/3600)/24). ONEWEB 4.0 sets the default expiry to 1 day.
id_token: the value the client attaches to the authorization key in the HTTP header.
The client sends a request with an authorization header
Whenever the client connects to the server, every message should attach the token to the authorization key in the HTTP header.
The server checks the signature and expiry date
When the server receives a message from the client, it checks the signature and expiration date of the token to validate the message. If the message is valid, the server continues to process messages from the client. For invalid messages, the server rejects requests from that client.
Send a response to the client
After the server processes the request, it sends the response to the client.
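The token steps above, sketched as an added example (not EAF-REST or ONEWEB code): a server issues a signed token and later checks the signature and expiry of the value sent in the Authorization header. HS256, the demo secret, the `sub`/`exp` claim names, the optional `Bearer ` prefix and a validity given in seconds are assumptions; the page does not specify them.

```python
import base64
import hashlib
import hmac
import json

SECRET = b"constructed-demo-secret"  # assumption: server-side HMAC key, not an EAF-REST value


def b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(subject: str, now: float, validity_s: int) -> str:
    """Server side: build the payload and sign it (HS256 assumed)."""
    header = b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = b64(json.dumps({"sub": subject, "exp": int(now) + validity_s}).encode())
    sig = hmac.new(SECRET, f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64(sig)}"


def check_request(headers: dict, now: float):
    """Server side: return the claims if the token is valid, else None (reject)."""
    value = headers.get("Authorization", "")
    token = value[7:] if value.startswith("Bearer ") else value  # scheme is an assumption
    try:
        header_b64, payload_b64, sig_b64 = token.split(".")
        header = json.loads(unb64(header_b64))
        # Pin the algorithm: the token must never choose it (rejects "alg": "none").
        if header.get("alg") != "HS256":
            return None
        signed = f"{header_b64}.{payload_b64}".encode()
        expected = hmac.new(SECRET, signed, hashlib.sha256).digest()
        # Constant-time compare; the payload is parsed only after the signature holds.
        if not hmac.compare_digest(expected, unb64(sig_b64)):
            return None
        claims = json.loads(unb64(payload_b64))
        # Expiry check: a missing or non-integer "exp" is treated as invalid.
        if not isinstance(claims.get("exp"), int) or now >= claims["exp"]:
            return None
    except (ValueError, TypeError, AttributeError):
        return None  # malformed token: wrong part count, bad base64, bad JSON
    return claims
```

Passing `now` explicitly keeps the expiry check testable; a real server would use its own clock and keep the key outside the source code.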