The Mavryx API uses the OAuth2 authorization flow and JWT tokens to authorize requests. The token is obtained through the Authentication interface, which requires valid application credentials (client ID and application secret and/or user login and password).
The issued JWT is digitally signed and can be validated either online or offline, provided the client has previously retrieved the public certificate from the server.
Mavryx distinguishes three types of tokens depending on the scenario:
- Application token (the application acts on its own behalf): backend application storing the token securely on the server side (may have high permissions).
- User-acting application token (the application acts on behalf of the user): frontend/backend application storing the token securely on the server side (may have high permissions) or publicly (reduced permissions, such as viewing certain elements only).
- User token: frontend application with reduced permissions.