Difference between revisions of "Authentication and security"

fr:Authentification et sécurité en:Authentication and security es:Autenticación y seguridad pt:Autenticação e segurança it:Autenticazione e protezione nl:Verificatie en beveiliging de:Authentifizierung und Sicherheit zh:身份验证和安全 ar:الأمان والمصادقة ja:認証とセキュリティ pl:Uwierzytelniania i zabezpieczeń ru:Проверка подлинности и безопасность ro:Autentificare și securitate he:אבטחה ואימות
This article has been created by an automatic translation software. You can view the article source here.

fr:Authentification et sécurité he:אבטחה ואימות ro:Autentificare și securitate ru:Проверка подлинности и безопасность pl:Uwierzytelniania i zabezpieczeń ja:認証とセキュリティ ar:الأمان والمصادقة zh:身份验证和安全 de:Authentifizierung und Sicherheit nl:Verificatie en beveiliging it:Autenticazione e protezione pt:Autenticação e segurança es:Autenticación y seguridad en:Authentication and security

Introduction

How to authenticate the API Ikoula and policies of Security ?

Explanations

Pour des raisons évidentes de Security, l'API Ikoula exige une authentication. Celle-ci est basée sur un identifiant, un mot de passe et une signature :

• The ID is the email address used to connect your Ikoula account or to the extranet. The name of the parameter to pass is always login ;
• The password as it may be, is provided in clear text (parameter password), is encrypted via a specific function using a public key provided by Ikoula (parameter crypted_password) and Base64_encode ;
• The signature is generated based on the parameters supplied when calling the API (see the signature generation process ==> Génération de la signature).

These settings should always be passed in GET to the API !

ATTENTION :
The passage of the password in clear text is provided to facilitate the handling of the API and serves as a debug. For your tests to the API, you can, for example, use a temporary user dedicated to these tests and authenticate you with the password in clear (see the Wiki for the creation of sous-utilisateur: https://support.ikoula.com/index-1-2-2835.html).

The use of encryption of password with the public key Ikoula is essential in any production environment or non-court term.
If the API calls are doomed to be used via a script or a program, we recommend creating a user dedicated to this purpose rather than use your extranet user classic.
You have two options :

• Contact our support for the creation of an extranet user ;
• Create a sous-utilisateur directly from the homepage of your extranet account (See the WIKI for the creation of sous-utilisateur: https://support.ikoula.com/index-1-2-2835.html).

Attention à ne pas oublier de lui mettre les droits sur les prestations souhaitées.

Public key encryption of the password is available at the following address

https://api.ikoula.com/downloads/Ikoula.API.RSAKeyPub.pem

Examples

For this example, the login will be "ikoulasupport".
To encrypt the password, here is an example of a function using the public key ikoula :

// Chemin local vers la clef publique téléchargée à http://api.ikoula.com/downloads/Ikoula.API.RSAKeyPub.pem
define('API_PUB_KEY_PATH', dirname(__FILE__) . '/Ikoula.API.RSAKeyPub.pem');
 
// Fonction de cryptage du mot de passe via la clef publique Ikoula
function opensslEncryptPublic($password)
{
        // Vérification de la présence de la clef publique
        if(file_exists(API_PUB_KEY_PATH))
        {
                if(!empty($password))
                {
                        // on récupére la clef public
                        $publicKey = openssl_pkey_get_public('file://'.realpath(API_PUB_KEY_PATH));
 
                        // Si il n'y a pas eu d'erreur lors de la récupération de la clef publique on continue
                        if ($publicKey !== FALSE)      
                        {
                                // Si chiffrement clef publique OK
                                if(openssl_public_encrypt($password, $crypted, $publicKey) === TRUE)   
                                {
                                        // Renvoie du passe crypté
                                        return $crypted;       
                                }
                                else
                                {
                                        return NULL;
                                }
                        }
                        else
                                return NULL;
                }
                else
                        return NULL;
        }
        else
        {
                echo("Erreur la clée public n'est pas présente.\n");
                return NULL;
        }
}
 
// Utilisation de la fonction de cryptage
$password_crypt = opensslEncryptPublic("Mot de passe non crypté");
if($password_crypt != NULL)
        echo "OK Mot de passe crypté: ".$password_crypt;
else
        echo "Erreur lors du cryptage du mot de passe.";

// ==> $password_crypt contient donc le mot de passe crypté

Conclusion

Once the password encrypted and encrypted signature, we can do the API call with parameters (If we follow the above example) :

• login = ikoulasupport ;
• crypted_password = base64_encode($password_crypt) ;
• signature = signature generated (see the signature generation process ==> Génération de la signature).

NB : Don't forget to url_encoder each parameter passed !

This article seem useful to you ?

Catégorie:API