Authorizations

The Authorizations screen allows you to configure endpoints to validate the client ID and/or access tokens of event publishers, allowing them to send requests to Events Hub.

To define authorized requests, you can add security interceptors such as OAuth Validation, JWT Validation, Client ID Validation and Access Token Validation to the policies applied to handlers. When at least one of these interceptors is used, Events Hub will send requests to the authorization URLs configured on this screen to validate the publishers and accept their requests.

The use of security interceptors is optional. However, if you add policies to your handler, you need to configure the Authorization URL linked to the interceptor. Except for "IP Filtering Validation," all others depend on this configuration to work. If you are using the Sensedia API Platform for this, here’s how to obtain the authorization URL.
Sensedia API Management v5 clients: To obtain the authorization URL, you must import the Events Hub authorization API.

How it works

The configuration of authorization URLs is done by contexts, which are one of the markers of the event publication URL, formed by: base URL + context + handler + topic.

This context-based configuration makes it easier to send events from different scenarios to the same topic, such as events from production and test environments.

Example of use

Let’s say you want to test topics already used by partner publishers and subscribers but prefer to use an authorization mock for testing instead of the actual authorization endpoints. In this case, you can:

  1. create a context for your tests and enable it for the desired topics;

  2. link publishers and subscribers to send and receive events from the topics corresponding to the context;

  3. and configure an OAuth and/or JWT authorization mock for the context on the Authorizations screen.

With this setup, publishers sending requests to topics in the context you created will be validated by the configured mock. Publishers sending events to the same topics within the default context will be validated by the URL configured for that context.

  • Contexts are logical divisions to facilitate the creation and management of topics, allowing their reuse in different scenarios. They are not physically separated environments.

  • This means that if you use the "Default" context for production events and the "Testing" context for test events, you can control publishers, subscribers, and authorization endpoints for each context. However, all events received and distributed in the Events Hub share the same infrastructure.

  • Tests that overload the infrastructure, even if performed in the test context, could affect the reception and distribution of events in other contexts.

See more about how contexts work.

Configuration

The Authorizations screen has two sections: OAUTH and JWT. Both show all the contexts registered on Events Hub, indicating the authorization URL that is defined for each one.

  • If no authorization endpoint is registered for the context, there will be the icon icon add1 in the ACTIONS column to add a URL.

  • If a URL is already registered, the icon icon edit allows you to edit it and the icon icon delete allows you to delete it.

auth screen

  • If you don’t register or remove the authorization URL for a context, publications sent to it using security interceptors will not be accepted. You will receive an error message with the status code 401, indicating that you are not authorized.

  • In this case, publications for topics intercepted by OAuth or JWT are blocked.

Obtaining the Authorization URL using the Sensedia API Platform

To use the Sensedia API Platform as the policy validation server, you need to do some configurations:

  1. Access Sensedia API Platform  API Design  API Catalog and search for API Events Hub Authorization;

  2. In the API Events Hub Authorization, go to the Environments section. Choose the environment you want to configure, click on the icon link, and copy the URL. You will need to complement it with interceptor information, so paste it into a file;

  3. Go to the Resources and Operations section and copy the POST path of the interceptor type you will use;

  4. Paste the interceptor’s path at the end of the environment URL. This will be your authorization URL;

  5. With the full URL copied, access Events Hub  Authorizations and find the context that will be validated by this authorization;

  6. Click on the icon icon add1, paste the authorization URL and save.

If you are registering a test context for authorization, in the Environments section, copy the link of your test environment.

The Resources and Operations section is divided between OAuth and JWT. When copying the path of your URL, be aware that:

  • The authorization URL must be generated respecting the policies added to the context;

  • If you added OAuth Validation interceptors, copy the OAuth path.

  • If you added JWT Validation interceptors, copy the JWT path.

Interceptors are configured in policies, which are applied to handlers when they are created or edited. All topics grouped in a handler use the interceptors configured in the policy applied to the handler.

Learn how to use the Sensedia API Platform for publisher authorization.
Thanks for your feedback!
EDIT

Share your suggestions with us!
Click here and then [+ Submit idea]