GSD REST API Login
/v1/login
Example
POST request
1 2 3 4 5 6 7 8 | POST http://localhost:8080/v1/login POST data: {"user": "test","pass": "098f6bcd4621d373cade4e832627b4f6","appNames":["test1","test2"]} Request Headers: appkey: 123 Content-Type: application/json |
Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | { "status": { "internalStatus": "0", "statusMessage": "ok" }, "data": { "sessionId": "c75e48cd-4f9e-4fe6-bbaf-61725d019a0d", "user": { "~ClassName": "User", "~ObjectID": "2S49", "~StoreTime": "20180905T114022+02:00", "Name": "GSDWebService", "Description": "Benutzer für Web-Service", "Groups": { "~Count": 1, "~UnfilteredCount": 1, "~Elements": [ { "~ClassName": "UserGroup", "~ObjectID": "2S1Y", "~StoreTime": "20180711T160940+02:00", "Name": "Jeder", "Description": "Rechte für jeden Benutzer" } ] }, "Employee": { "~ClassName": "Mitarbeiter", "~ObjectID": "6NB9", "~StoreTime": "20180718T080522+02:00", "Name1": "webservice", "Name2": "", "Name3": "", "Bild": { "~ClassName": "Bild", "~ObjectID": "8ZWX", "~StoreTime": "20180516T074606+02:00" }, "Mitarbeiteransprechpartner": { "~ClassName": "Ansprechpartner", "~ObjectID": "CQKN", "~StoreTime": "20180718T080526+02:00", "Name1": "webservice", "Name2": "", "Name3": "", "Bild": { "~ClassName": "Bild", "~ObjectID": "8ZWX", "~StoreTime": "20180516T074606+02:00" } } } }, "databaseName": "testDatabase" } } |
/v2/login
Example
POST request
1 2 3 4 5 6 7 8 | POST http://localhost:8080/v2/login POST data: {"user": "test","pass": "098f6bcd4621d373cade4e832627b4f6","appNames":["test"]} Request Headers: appkey: 123 Content-Type: application/json |
Response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 | { "status": { "internalStatus": "0", "statusMessage": "ok" }, "data": { "user": { "~ClassName": "User", "~ObjectID": "2S49", "~StoreTime": "20180905T114022+02:00", "Name": "GSDWebService", "Description": "Benutzer für Web-Service", "Groups": { "~Count": 1, "~UnfilteredCount": 1, "~Elements": [ { "~ClassName": "UserGroup", "~ObjectID": "2S1Y", "~StoreTime": "20180711T160940+02:00", "Name": "Jeder", "Description": "Rechte für jeden Benutzer" } ] }, "Employee": { "~ClassName": "Mitarbeiter", "~ObjectID": "6NB9", "~StoreTime": "20180718T080522+02:00", "Name1": "webservice", "Name2": "", "Name3": "", "Bild": { "~ClassName": "Bild", "~ObjectID": "8ZWX", "~StoreTime": "20180516T074606+02:00" }, "Mitarbeiteransprechpartner": { "~ClassName": "Ansprechpartner", "~ObjectID": "CQKN", "~StoreTime": "20180718T080526+02:00", "Name1": "webservice", "Name2": "", "Name3": "", "Bild": { "~ClassName": "Bild", "~ObjectID": "8ZWX", "~StoreTime": "20180516T074606+02:00" } } } }, "token": "eyJhbGciOiJIUzI1NiIsImtpZCI6ImdCZGFTLVZGZFMzNDIzM2RhUCJ9.eyJzZXNzaW9uSWQiOiJlMWYyN2VmZS04OTM3LTQ0YzUtOTBmMC0xN2E0MmI5NzE4ZTIifQ.2vAN8m00YF5jZa7Psd2S-jl66TvO3NAsRNIndyje3-4", "databaseName": "testDatabase" } } |
/v2/login/secure/key
Secure login sequence diagram
Examples
GET request
1 2 3 4 5 | GET http://localhost:8080/v2/login/secure/key Request Headers: appkey: 123 Content-Type: application/json |
Response
1 2 3 4 5 6 7 8 9 | { "status": { "internalStatus": "0", "statusMessage": "ok" }, "data": { "key": "-----BEGIN PUBLIC KEY-----\r\nHr78gy7sd08bgdw0gf8w0j2g0f2g2wgfweg80ewgbuwegbewbgeggbewrewgaefJ\r\neworfjewvg8w976g89erb6g7sew7r09wg9q83ht4ggsdf78g7s9g87fsbh89sh7f\r\nfgsdgdsg67f67sd69fsg67g6re90bs9h6sj906gsgh0ag7ag67ag6ag6a90g690a\r\fregd8es9g85gb9gfase685rgf89aewrfds8fd6agh7fs6gfd9sg69fsg9gs6fg9s\r\nfdsagfdz78g5a89hf59hnjfa5hgd8a5f8fa0ajhsgdasgh5fdhfatawefaewewfC\r\nfsgfsgDSGFygoGIsdfuhf789sg690agfGY0Dgy90DGY7vgfdyvd07fewnvuwi77w\r\nFDSREWWF\r\n-----END PUBLIC KEY-----\r\n" } } |
/v2/login/secure
/v2/login/secure uses RSA Encryption for request and response.
However RSA message has a maximum length of 1/8 of the key [eg. 2048 key may contain only 256 bytes of message].
To overcome this limitation, we are using common technique of connecting multiple RSA messages into one string and then encoding it with base64.
This means that if your message has 600 bytes it will be 256 + 256 + 256 in length. [The last one contains a RSA padding of 168 bytes].
Tip
You can verify if the response/request string is correct when the length of bytes is a multiplication of maximum message length [eg. 256/512/768/1024 bytes (for 2048 byte key)].
We currently use 2048 bit keys for REST API, however this may change in a future to meet modern standards of encryption.
You can also generate your own key and place them where the encryption config points.
Examples
POST request
Logging in via secure path requires to provide two json keys:
1. credentials:
which must contain following json:
1 2 3 4 5 | { "appNames": [], "user": "", "pass": "" } |
This json must be RSA encrypted using server's public key you get from /v2/login/secure/key
and then encoded in base64.
2. publicKey:
- your public key encoded in base64.
Having those data encoded correctly you should end up having similar data:
1 2 3 4 5 6 7 8 9 10 11 | POST http://localhost:8080/v2/login/secure POST data: { "credentials": "B7p04IFqCSz2W/zTTwmpFmr17wSKi3/C9nuHBK4vyW4xRBWXTwatWH+T9PhCWYfc7pNed38/bs8g4xXPlmxP17J8pMpqee2ryOjjnnl3702HuS+O1w8p6dsrQotppbuB1XKjscdVWwqmfjgxYbeReQtHOG+gVHSwpi1BXh+uBk+stkxORqtzVzvfUnmB7mLMyXg/fJzmUrj5iTYe7QtM0UD0FhbXfV3yjc3Q0DbZtiAPRtA6Z+83RwApkiuCwGUPdvVXkHC1IxicaE/i60Oaw+nge15sAOcdAou7TxpKVLFq/RJwfJosyHtWsAq0DODDHgaLMeXhAWO9s4twTLJgVw==", "publicKey": "LS0tLS1CRUdJTiBQVUJMSUMgS0VZLS0tLS0KTUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUE0bTBjckVMTFd3c1VxWkVRUnh6QQp3MDcxd3NONFVxTTFmbEx5dzhUVlliWURVNW1MVVhLdmpUUDRRY3JoS255TjZ1R3k2QThiNEw0ZzBvT1NVT2FNClhLYVU4Tnh0ZkNrbHM2R21ML3k3RWJQMTltQVJEMUE2d3d3UGs0bTE1Z1MvRTd2a3dUbDJOZ252ayt0amloUnUKb0pPOUFNK3lvNjg0YkgzMXRVeG9rNU92MU9GMmJaUzJUbEpkaDV4NnN0ZHNweGdpN0Q0NHFqakpuOW9UYS9jaAp6MmJFN1czS1IzcE1TSlc5Syt3UzA0L3IyYkI4RHBTU2I3VWpYVWZUdVY2M2xBNnIzbktMM2QxeEwvQkc1clhUClNoTkNTeGsybmR2OWFVREhRN29EM0o2ZnNycExaOFpFRU9MRjNYaW94TDFoQU5SY3Y3dk9xQm1oNTNIdjkvWWEKdXdJREFRQUIKLS0tLS1FTkQgUFVCTElDIEtFWS0tLS0tCg==" } Request Headers: appkey: 123 Content-Type: application/json |
If there were an encryption errors (wrong key/wrong data encoding), response will not encrypted so you can easily fix it.
Once you provide properly encoded/encrypted data, all of the further requests you receive will contain only an encrypted payload.
Encrypted response
1 | jbt334DJ60ACttg1JZtyviEPs3mFQmFzioIC15qDKj+Yo+P9ynEMFWm41pnnEhtm1oXZodVP7lEpjM4vsy1DMK7tYw+RFc+KIVkEgI1Tdww0NISlGqM3UfaeL6OfDomTZkQ+Artc1an81HBEbiQsRtlAXTnQDb8ZZBkOklcLXzTiIgwfoKTWU/S5tNhbGk9uSLc2UBXeQTvPiv1LqF4C8h9r4CBlVe8WhLjCXlXLBc8JEwsGbJNMmzwlgM7vf0XHy4mBS3PiWKzHwKV1IaIWcB63O9EGR6Cj5xHSD5FQGrKrfplPQE2g7PJnvlmmd35reLDBGG0NuqlAXVAWYosT3ChkwykslINZ+tH5U3FtTJV46A8E7X1ui6hDF4OSuM/9ltwgSpb/HIUweqFy/8wmTjxyRzOJb+HfTuOkispk1B8uaML3CRBqYc+HF0fJ33C+OXhtZWLV/eDoQQsX+cup52B/Ly+n6r57jDjWCF3rgpH7AIGFKlXahg0JJ8gpSKqehg2A000363y/3orm9A3ZovESSc+ZhMmMDHoAMgTRriOW+F0NdEy2WsThz689qM3YHoyWGeC4KWaYQOCOF8X9e0K22pLVrtZKOiMz9vxW4oL/Jzl4snuc+o08tlthnsCMLAfHTy89g5nmwU1e5wuDkvLYr0oAQ6m7KA24vNocteUfGwo4McshSrXmxRDoT/SjcdJneKylF0aSgLYdEoETsGezQH3u0Jw1qHGOaehit/HrSv7/mOgzHgy8fbPXV1P3wyJ35jMwPw5epuJmTkeTaVBukb5YZ4o4wy1tp8SPVX4FuebAiQVorvigXt5P/AOih20t5xxidVyy7hfc6BxStNuXaQlJyNTA38mePNs1K4KYmo7qdss11T5OGBZ5EWcANBRYdHuKibcyVz6nXfum/qtlHvTrS/nYpbeEe04MTX2v6Dc3+flS0NxFu31y1xt2yXXMS2WKGnTnU835c73WOYrX8CxmwRZN3uUYftKEBzMqiQszBvj1QvnBwl60mCdYzi4tIqdq+ZsHfCTKAo21XXP/kdMWBbVYpQFPkVey9Aau0CUzgqWRQWfovZZlCPTBIMvRMoEraFntmJHmUCLY6d2ERwKgWx3KX9fsnVUHwUnTc00+tYXG0c/6bwO+epGscTC9FWmVSSaiKhv604gim/jhFUrMfA8gt1cD2baDqILHV4yJkfU1eQ3cvHsKKJ7woIz6lGeg68Q2zbVcmGtSXiXUb3CfQexJbmp6Q/ZtIiuM0/mQcZ+uSJfI2zmrWiTYhafkJ3DGSw32KtVlYhw1oGUHmwrzMZtVzT5vXMlqbznb2r1lHnMCza/ZXUjl411bUwaokPMHbbXf5Pj7KKFzXSSVGMP/6VL1MLkwhKTqvzd450kbBTWTBLKzuAE38AbrxlwOHm6QxMiPJrtKhZxvIoO06skT350ddoJix09LyLBYYt0uos+JMwuFksQqZCoaJ+clUccqAenfVgPdLx7pqzQy8AF73w4rfld98HqNZ23fy5j5Ln5uf+BKDhzoauWOUs+V/Bf5xj/W+WSrMs/bFUOz5jz1cLds1GBI3j0a4Tb3UU14MNrQ+ou9GG1dNdHqymg6FcpJJT0bZU3WFwv2hKInG0Cm6HnX+03i4XzkT/3/ah4Bmzpd7ghLaHguiLdw3/cgRGIdMNL4LOBqufMGNsZf6YQCxsmwv5ihF3rBm9FGnZYYJDncGwfpUCO60TU3wAicPkdi/IAoXaaglKbb4wEx82AmUVNDgfC/pPyut1AtR3F1F98idF78BSOZTvxfi+jaidrqN52rxpFtAuzNARV91J/a3sEc4E6iMc3bJnbV/E8TASaPKc0kGJAf87pZFv72EIWqbymc/l86DA5DN2F2DOtUGjSCmvWXZqdIDV0QK+btfteQvC+Z27x2Zf11suTrbmg/EHQprUKjcyjzsYSsdAMOEkkoLE0C+ZeQq6I8fQsbGwcG0OMb8dwQZsWzmPoTuYYe7X4d/IJaRgWunGOGSXbwtueHBgNkYxkGVTclGJSuJo0g2TqwAx6ue5GcdwWIMesRjyeoU4tG08Gwe1Jn+aGIfCG8Tufsl1BhqWx2g2KnU3kMJRihlbyJgpd0K1LQEmo+2jSEGpndLMPK+JB2g1JOlZ/ygmEp6UThEK1uRhlctSBAbuKxeKVJ5vrOKdCqLqJDUSMQA9QvQBdR3P9Dz9vD5nFrCjTdUuTDklEpwBXxGMksVFtWjTAST9ErFc0A/RIGiX3cQtKBgxwJCev1e32mgyxhL/DCjlquhYB7W3PGbhQeYWojZiqtCC1I95mbJc4CubqBom9VRbP6sJrJOQ0yPxwIa1Oa4/Ifdy/TMW8l2v0+EcMEMyKta/5U4lZe+9YtR/+Em1BDWSU7UQ==
|
You must base64 decode then decrypt it using your private key. It will contain login data:
Decrypted response
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 | { "status": { "internalStatus": "0", "statusMessage": "ok" }, "data": { "sessionId": "ZVrH2ogDA1eU4UMHqB6eux8hKmd1ycnpKQYW1oIVTcbNpLMBwFHWggCbsKiTRphYPxgupJeC1Yksi7OFHclDnmlokLVorr4dTtqT0V4frN+H8BWGDvo3XWQQfxnVTJuMWTp9Yq69IS8xrjBOZ+LmrTNYqWtcSsqdke4LCFJYab9P9vKSvL29tjUnrPOJrobIWK3O/3n13XNxdxBCvDN6n1Y5tDt7u/E6zgbYbuc3OkY5jyRtgdKHKugAkWgaT3uRllSIhpsD3pH5W2cUHeNfqR0xL0FwItUOT7eWYTbkxU5lKSr7oorKUm4nb5TS/pfBeyUZwuKd4kVBXTdVcqDhaQ==", "user": { "~ClassName": "User", "~ObjectID": "2S49", "~StoreTime": "20180905T114022+02:00", "Name": "GSDWebService", "Description": "Benutzer für Web-Service", "Groups": { "~Count": 1, "~UnfilteredCount": 1, "~Elements": [ { "~ClassName": "UserGroup", "~ObjectID": "2S1Y", "~StoreTime": "20180711T160940+02:00", "Name": "Jeder", "Description": "Rechte für jeden Benutzer" } ] }, "Employee": { "~ClassName": "Mitarbeiter", "~ObjectID": "6NB9", "~StoreTime": "20180718T080522+02:00", "Name1": "webservice", "Name2": "", "Name3": "", "Bild": { "~ClassName": "Bild", "~ObjectID": "8ZWX", "~StoreTime": "20180516T074606+02:00" }, "Mitarbeiteransprechpartner": { "~ClassName": "Ansprechpartner", "~ObjectID": "CQKN", "~StoreTime": "20180718T080526+02:00", "Name1": "webservice", "Name2": "", "Name3": "", "Bild": { "~ClassName": "Bild", "~ObjectID": "8ZWX", "~StoreTime": "20180516T074606+02:00" } } } }, "symmetricKey": "N8O8w5bCs8KRF8OKw7rCs8K8EcOWSk5XwoDCh8KHVcOrw7nColPCuQjDpcKiw5powp/CosKX", "databaseName": "testDatabase" } } |
Valid login request will contain two important json keys:
$.data.sessionId
- your secure sessionId that you must provide as Secure-Token
Header for each further request you wish to call.
$.data.symmetricKey
- an unique AES-CTR key bound to your session you must use to encrypt request data.
Important information:
- Do not share symmetricKey with anyone. Store it for current session, each login provides new secure key and session.
- Remember to use
Content-Type: application/text
for encrypted data. - All encrypted payload (except for binary downloading/uploading) must be encoded in base64 to ensure consistent data flow.
- Only login request/response are encrypted via RSA keys, each next request/response must be encrypted with AES-CTR encryption using
symmetricKey
- AES-CTR IV Counter is incremented by one.
- All encrypted responses will contain
Encrypted
header.