Introduction to Verify Token API

The Verify Token API provides device verification. This is the process by which the Application Backend verifies a newly registered device.

Verification is performed by the Application Backend and completed at Safous Web Application and API Protection (WAAP).

Flow Diagram

[Figure: VT Diagram]

Description:

Before the process starts, the Application Backend generates a private key and shares the value of the public key with Safous WAAP.

  1. The Client Application requests a verification token for the registered customer and receives a verify_token (in JWT format) in return.
  2. The Client Application requests device verification from Safous WAAP and receives an HTTP 200 OK response indicating that the customer has registered.

Verify Token API – Backend Application

This API is called by the client device, after the device registration process at Safous WAAP, at the specified URL on the Application Backend. The objective of the Verify Token API is to have the Application Backend verify that the device registered at Safous that calls this API is used by the User's Application. After verifying the device request, the Application Backend returns a token (Verify Token) that identifies the application user.

This API is provided by the Application Backend, or can be provided by a 3rd party that is trusted by the Application owner.

Request

URL: https://example.xxx.xxxx.safous.com/api/devices/verify

Method: GET

Content-Type: application/json

Body: {"device_id": "xxxxxxxxxxxxxxxx"}

Description

device_id: device_id or Session id

Response

Body

{"verify_token":"eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIwODUzNTM1MzUzNTMiLCJuYW1lIjoieXVkaGEgc2l0dW1vcmFuZyIsImlhdCI6MTUxNjIzOTAyMn0.tHptXTxwg85Y-DkN0H8VRZ-mK_FBi7L6HNtwgm6ekPk",
"token_type":"Bearer",
"expires_in":"60"}

Description

verify_token: User verification for Safous WAAP, in JWT format

token_type: Token type

expires_in: Expiry of verify_token (in seconds)

Verify Token API – Safous WAAP

This API is called by the client device after receiving the Verify Token from the Application Backend.

When Safous WAAP receives this request, it verifies the validity of the token and updates the policy linked to the client device, which then enables the device to connect to a separate URL set up to access the Application Backend's APIs.
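
The issue-and-verify steps described above, shown as an added Node.js example that is not Safous or Application Backend code: the backend signs a 60-second verify_token with its private key, and a verifier holding only the public key accepts or rejects it. ES256 signing, the claim names (sub, device_id, iat, exp), the device_id binding check and all sample values are assumptions made for this illustration.

```javascript
// Added example, not Safous code. ES256 and the claim names are assumptions.
const crypto = require('node:crypto');
const b64u = (v) => Buffer.from(v).toString('base64url');
const p1363 = (key) => ({ key, dsaEncoding: 'ieee-p1363' }); // JWS signature format

// Application Backend side: sign a short-lived verify_token with the private key.
function issueVerifyToken(privateKey, userId, deviceId, now, ttl = 60) {
  const header = b64u(JSON.stringify({ alg: 'ES256', typ: 'JWT' }));
  const claims = { sub: userId, device_id: deviceId, iat: now, exp: now + ttl };
  const signingInput = `${header}.${b64u(JSON.stringify(claims))}`;
  const sig = crypto.sign('sha256', Buffer.from(signingInput), p1363(privateKey));
  return { verify_token: `${signingInput}.${b64u(sig)}`, token_type: 'Bearer', expires_in: String(ttl) };
}

// Verifier side: holds only the public key shared beforehand.
function checkVerifyToken(publicKey, token, deviceId, now) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return { ok: false, reason: 'malformed' };
  let header, claims, valid;
  try {
    [header, claims] = parts.slice(0, 2).map((p) => JSON.parse(Buffer.from(p, 'base64url').toString()));
    // Pin the algorithm; the token header must not choose how it is verified.
    if (header?.alg !== 'ES256') return { ok: false, reason: 'unexpected alg' };
    valid = crypto.verify('sha256', Buffer.from(`${parts[0]}.${parts[1]}`),
      p1363(publicKey), Buffer.from(parts[2], 'base64url'));
  } catch { return { ok: false, reason: 'malformed' }; }
  if (!valid) return { ok: false, reason: 'bad signature' };
  if (typeof claims?.exp !== 'number' || now >= claims.exp) return { ok: false, reason: 'expired' };
  if (claims.device_id !== deviceId) return { ok: false, reason: 'device mismatch' };
  return { ok: true, sub: claims.sub };
}

// Constructed sample run: one accepted token and four rejected ones.
function demo() {
  const { privateKey, publicKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  const now = 1700000000; // constructed timestamp (seconds)
  const { verify_token: tok } = issueVerifyToken(privateKey, 'user-123', 'device-abc', now);
  const [h, p, s] = tok.split('.');
  const edited = b64u(JSON.stringify({ sub: 'user-999', device_id: 'device-abc', exp: now + 60 }));
  const check = (t, dev, at) => checkVerifyToken(publicKey, t, dev, at);
  return {
    fresh: check(tok, 'device-abc', now + 10),
    expired: check(tok, 'device-abc', now + 60),
    otherDevice: check(tok, 'device-xyz', now + 10),
    editedPayload: check(`${h}.${edited}.${s}`, 'device-abc', now + 10),
    hs256Header: check(`${b64u('{"alg":"HS256","typ":"JWT"}')}.${p}.${s}`, 'device-abc', now + 10),
  };
}
console.log(demo());
```

The verifier checks the signature before trusting any claim, so expiry and device binding are evaluated only on data the backend actually signed.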