From external systems, you can authenticate into Interact via an API key and secret.
An API Key can be created from within the security settings within control panel. When you create an API Key, a secret is automatically generated - which must be kept private and secure. Once a secret is generated, it cannot be retrieved again.
Anyone with access to the API Key and Secret will be able to access the intranet APIs as any user.
The API Key and Secret should never be included in front end code or returned for use by the front end.
If you suspect a key has been compromised, delete it immediately from the control panel.
Keys should be regularly rotated.
Using an API Key and Secret, allow you to authenticate with Interact as a specific user. This involves making an authentication request using the authorization_code
grant type (rather than password
).
An example of using the API Key and Secret is below.
static void Main(string[] args)
{
var tenant = new Guid("e822a190-a116-4779-ad0a-87631b51898a");
var apiDomain = "{{your_ApiDomain}}";
var key = "my-key";
var secret = "my-secret";
var personId = "person-id-to-login";
var accessToken = "";
// do login
var body = new Dictionary<string, string>();
body.Add("grant_type", "authorization_code");
body.Add("code", $"{key}__{secret}");
body.Add("context", "KeySecret");
// Send a Post request (including the X-Tenant header)
var resp = Post($"{apiDomain}/token?personid={personId}", body, tenant);
dynamic obj = JsonConvert.DeserializeObject(resp);
accessToken = obj.access_token;
refreshToken = obj.refresh_token;
dynamic people = JsonConvert.DeserializeObject(Get($"{apiDomain}/api/people", tenant, accessToken));
foreach (dynamic person in people.Results)
{
Console.WriteLine($"{person.personId} - {person.FullName}");
}
}
Please see https://developer.interactsoftware.com/reference/security-and-authentication for more information and dependent methods used in this example.