OAuth2.0 authentication
Create your own secure API authentication tokens
Use OAuth 2.0 authentication for the Xtremepush External API, so that you can create, manage and delete tokens independently for different connections.
To create a new key you will need an RSA public key and a JWT Token.
Generate RSA keys
This section describes one method of creating RSA keys with a command-line tool (for example PowerShell on Windows or Terminal on macOS), but there are other methods.
- Create a Java KeyStore file:
keytool -genkey -alias <UNIQUE_KEY_IDENTIFIER> -keyalg RSA -keystore xtremepush.jks
This command will ask you for additional information. In the last step type yes and press Enter.
- Import keys from the KeyStore:
keytool -importkeystore -srckeystore xtremepush.jks -destkeystore xtremepush.p12 -deststoretype PKCS12
- Export the public and private keys:
openssl pkcs12 -in xtremepush.p12 -nokeys -out pubcert.pem
openssl pkcs12 -in xtremepush.p12 -nodes -nocerts -out privatekey.pem
Add the public key to Xtremepush
- Open the newly generated pubcert.pem file.
- Skip the header and copy the certificate part of the file which starts and ends with "-----". Also include the line endings when copying.
- Go to Xtremepush and navigate to Settings > Integrations > API Integration > Add Public Key.
- Type the <UNIQUE_KEY_IDENTIFIER> that was used to create the Java KeyStore file in Client ID.
- Type the certificate key in the Public field area.
It is possible to delete tokens from this same page by clicking on each token's Options menu > Delete.
Create a JWT token
To create a JWT token you will need a token generator: https://jwt.io/
- Open up the JWT generator tool.
- At the top of the page select algorithm: RS256
- Copy and paste the following in the payload section:
{
"iss": "<UNIQUE_KEY_IDENTIFIER>",
"sub": "<UNIQUE_KEY_IDENTIFIER>",
"exp": 1541054464,
"iat": 1521054464
}
iss: use the same value that was used to create the Java KeyStore file
sub: use the same value that was used to create the Java KeyStore file
exp: the expiration time (you can use this tool: https://www.epochconverter.com/)
iat: the time when this JWT was created. This can be any value in the past
- Copy the contents of the private key that was created earlier (only the part that begins and ends with "-----") and put it in the private key box in the Verify Signature section.
- It is also possible to verify that the public key is valid by adding the public key contents to the public key box.
- Copy the JWT token that was generated
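The same RS256 token can also be built and signed on your own machine with openssl, so the private key is never pasted into a web page. This is an added example, not part of the Xtremepush documentation: the function names (b64url, make_jwt, verify_jwt) and the lifetime argument are assumptions, and the claims are the four shown in the payload above.

```bash
#!/usr/bin/env bash
# Added example (not Xtremepush code): sign the RS256 JWT locally with openssl.
# Assumption: the client ID contains no characters that need JSON escaping.

# base64url without padding, as JWTs require: stdin -> stdout
b64url() { openssl base64 -A | tr '+/' '-_' | tr -d '='; }

# make_jwt <client_id> <private_key_pem> <lifetime_seconds>
make_jwt() {
  local client_id=$1 key=$2 ttl=$3 now header payload sig
  now=$(date +%s)
  header=$(printf '{"alg":"RS256","typ":"JWT"}' | b64url)
  payload=$(printf '{"iss":"%s","sub":"%s","exp":%d,"iat":%d}' \
    "$client_id" "$client_id" "$((now + ttl))" "$now" | b64url)
  # RS256 = RSASSA-PKCS1-v1_5 with SHA-256 over "<header>.<payload>"
  sig=$(printf '%s.%s' "$header" "$payload" |
    openssl dgst -sha256 -sign "$key" -binary | b64url)
  printf '%s.%s.%s\n' "$header" "$payload" "$sig"
}

# verify_jwt <jwt> <public_key_pem>: exit status 0 only if the signature matches.
# Extract the public key from the certificate first:
#   openssl x509 -in pubcert.pem -pubkey -noout > pubkey.pem
verify_jwt() {
  local jwt=$1 pub=$2 signed sig tmp rc
  signed=${jwt%.*}   # header.payload
  sig=${jwt##*.}     # signature segment
  # restore the base64 padding that base64url strips
  case $(( ${#sig} % 4 )) in 2) sig="$sig==" ;; 3) sig="$sig=" ;; esac
  tmp=$(mktemp)
  printf '%s' "$sig" | tr '_-' '/+' | openssl base64 -d -A > "$tmp"
  if printf '%s' "$signed" |
    openssl dgst -sha256 -verify "$pub" -signature "$tmp" >/dev/null 2>&1
  then rc=0; else rc=1; fi
  rm -f "$tmp"
  return "$rc"
}

# Usage with the files from the steps above (one-hour lifetime):
#   make_jwt "<UNIQUE_KEY_IDENTIFIER>" privatekey.pem 3600
```

A short lifetime limits how long a leaked JWT can be exchanged for an authorization token; generate a fresh one for each exchange.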
Use the JWT token for authorization
You can obtain an XP authorization token by making a REST API call to the /api/oauth/token endpoint. Make sure to add the following header to the request:
Authorization: Bearer <jwt_token>
Add the Authorization: Bearer <authorization_token> header when making REST API calls to Xtremepush's External API.