Organizing Access to the Tangl API
Organizing Access to the Tangl API
Before you can use the Tangl API in your service or application, you must have a user account with the necessary access rights and the details of the API client, on behalf of which your application will request the authorization token.
The ability to create and manage API clients is activated by Tangl support team for the company account. After activation, the API client management tools become available to the company administrator in his personal cabinet.
Creating a new API client
To switch to client API management features you need to be a company administrator.
Go to your personal account at https://auth.tangl.cloud/ to the Company section.
You will see a new API Clients tab:
Go to the API Clients tab. The tab contains a button for creating a new client, as well as a list of already created clients.
Click the Create client button. The window with the properties of the new client appears:
In the window you must fill the basic parameters of the client:
- Client name - the unique name of the client.
- Description - optional description of the client. Can be left blank.
- Connectd Tangl applications - Tangl services, which will be used by the client besides the platform. This window shows only the services connected to the company's account. If the company account has no connected services, this section will be empty.
- Allowed Redirect After Login URIs - the list of allowed addresses and paths for redirect after authorization in case of using external authorization through Tangl OIDC flow.
- Allowed Redirect After Logout URIs - the list of allowed addresses and paths for redirect after user logout in case of using external authorization through Tangl OIDC flow.
- Allowed CORS Origins - the list of allowed addresses, from which client can make requests to Tangl servers.
After filling in the client parameters, complete the creation by clicking Add Client.
Getting client details
After creation, the new client will appear in the list of API clients of the company:
By clicking on it, you can open the properties window again. This time it will contain the client's details:
This time in the window you can see the details of the client:
- Client Id - Identifier of the client. Uniquely identifies the client. It is used in the token request.
- Client Secret - The client's secret. Similar to the password. Also used in a token request. By default, it is hidden. It cannot be opened, but you can regenerate it, creating a new secret. It will only be visible as long as the window remains open:
You can also activate and deactivate existing clients:
Manage clients via API
You can also manage clients through the Tangl Auth Server API
See the list of points in Swagger
Getting an access token
To use all the API Tangl REST points, you need to get a JWT Bearer access token, using the username and password for the user whose account is created in the system and has the necessary rights, as well as the ID and the secret of the API client.
POST https://auth.tangl.cloud/connect/token
- Request parameters format: x-www-form-urlencoded
- Request body:
client_id:<CLIENT_ID>
client_secret:<CLIENT_SECRET>
grant_type:password
username:<USER_NAME>
password:<USER_PASSWORD>
- The body of a successful answer**😗*
{
"access_token": "<BEARER_ACCESS_TOKEN>",
"expires_in": 31536000,
"token_type": "Bearer",
"refresh_token": "<REFRESH_TOKEN>",
"scope": "address BimTangl.Value.Server email IdentityServerApi offline_access openid profile role Tangl.Server"
}
If successful, the response body will contain a JWT Bearer access token to be used in all other requests to Tangl servers.