service_authentication.rst 1.27 KB
Newer Older
1 2 3 4 5 6
.. _service-authentication:

**********************
Service Authentication
**********************

7 8 9
XiVO services expose more and more resources through REST API, but they also ensure that the access
is restricted to the authorized programs. For this, we use an :ref:`authentication daemon
<xivo-auth>` who delivers authorizations via tokens.
10 11


12 13
Call flow
=========
14

15
Here is the call flow to access a REST resource of a XiVO service:
16

17 18 19 20 21 22
1. Create a username/password (also called service_id/service_key) with the right :ref:`ACLs
   <rest-api-acl>`, via :ref:`web_services_access`.
2. :ref:`Create a token <xivo-auth>` with these credentials and the backend :ref:`xivo-service
   <auth-backends-service>`.
3. :ref:`Use this token <rest-api-authentication>` to access the REST resource defined by the
   :ref:`ACL <rest-api-acl>`.
23 24 25

.. figure:: images/service_authentication_workflow.png

26
   Call flow of service authentication
27 28 29


Service
30
    Service who needs to access a REST resource.
31 32

xivo-{daemon}
33
    Server that exposes a REST resource. This resource must have an attached ACL.
34 35

xivo-auth
36
    Server that authenticates the `Service` and validates the required ACL with the token.
37

38 39
XiVO services directly use this system to communicate with each other, as you can see in their Web
Services Access.