Last updated Dec 21, 2017

Authentication

ASAP (Service-to-service authentication)

All requests to the Cronman APIs (in all environments except ddev) need to have a valid ASAP token from your service to identify the service. With any valid ASAP token (audience = cronman-service), all read methods are available. Write methods are limited to the issuer that matches the service calling the API. That is, you can read anyone's jobs but only modify your own jobs.

To be explicit, if your ASAP token has iss=x you have write privileges to all resources under /tenant/x/... and under /tenant/x:y/... for all y. y should be a cloudId of the customer, if the job belongs to a customer.

One caveat: most ASAP Issuers have a slash in their name, so that needs to be escaped. Some real examples:

ASAP_ISSUERREST Path
micros/caas-service/tenants/micros%2Fcaas-service/
micros-group/jira/tenants/micros-group%2Fjira:5ff09c02-a272-4414-9cf6-c6e788a95b1e/

Rate this page: