This document explains how to connect to the PeopleStrong Alt Products APIs.
For security, every API call must carry two parameters:
a. API Key
b. Authorization token
The API key is the client-specific key generated at the PeopleStrong API gateway and shared with the client to access the API. The key is validated at the API gateway; once it is validated, the resource can be accessed (provided the authorization is validated too). The API key is a mandatory header parameter that must be sent in every API call.
The authorization token is the JWT generated by the PeopleStrong central identity provider. Any source that needs to access the API must get the token from the PeopleStrong Auth Server and pass it in subsequent API calls, along with the API key, to access the resources.
This token generation request must come from the client's back-end server and not from the source, i.e. web or mobile.
The source first calls its own back-end server, which in turn calls the PeopleStrong Auth Server REST API and receives the token. The back-end server can pass this token to the source, which can use it along with the API key to call the APIs directly and get the data.
An API caller must be authenticated to get the information required to make the API call. How the caller is authenticated depends on the type of caller.
For confidential clients such as backend integrations, where APIs are called by customers' backend systems, the standard client credentials grant type is used.
Confidential (Backend Systems) Authentication
An authentication request is made to the PeopleStrong auth server, with the following details, to get the auth tokens required for the API call.
Method: - POST
Content-Type: - application/x-www-form-urlencoded
Authorization: - Basic bWF4X2FwaV9jbGllbnQ6N2IyOTYzMDAtOGRjMS00MzM0LTljZTEtYmFkYzhjMWNjOTAy
Body: - grant_type = client_credentials
Authentication Request Example
Authentication Response Example
The authentication response returns the JWT bearer token (AccessToken), which is used to make the API call.
Calling an API
Let us take the example of the Job API in the referral portal, which fetches jobs that are published for Employee Referral, along with filters like Skills, Keywords, Locations, etc., with the following details.
Request Method: - GET
Content-Type: - application/json
API Key: - (to be provided by PeopleStrong)
Authorization: - Bearer eyJhbGciOiJSUzI.1NiIsInR5cCIgOiAiSleyJIjU0YmJjN2.E4LThkY2MtNGFiI6IkJUE
(Access Token received in authentication response)
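The flow described above, as an added Python example that is not PeopleStrong's own code: the back-end server builds the client credentials token request, checks the JWT's exp claim before reusing a token, and the API request carries both the API key and the bearer token. The endpoint URLs, the API key header name and the access_token response field are assumptions; substitute the values PeopleStrong provides.

```python
import base64, json, time
from urllib import parse, request

# Assumptions, not from the page: both URLs, the API key header name and the
# "access_token" response field are placeholders for PeopleStrong's real values.
TOKEN_URL = "https://auth.example.invalid/token"
JOBS_URL = "https://api.example.invalid/jobs"
API_KEY_HEADER = "x-api-key"


def build_token_request(client_id, client_secret):
    """Client credentials token request; built only on the back-end server."""
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    body = parse.urlencode({"grant_type": "client_credentials"}).encode()
    return request.Request(TOKEN_URL, data=body, method="POST", headers={
        "Content-Type": "application/x-www-form-urlencoded",
        "Authorization": f"Basic {basic}",
    })


def fetch_token(client_id, client_secret):
    """Send the token request (needs network) and return the access token."""
    req = build_token_request(client_id, client_secret)
    with request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read())["access_token"]


def jwt_expiry(token):
    """Read the exp claim to decide on reuse; no signature check is done here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")


def token_is_fresh(token, now=None, skew=30):
    """True while the token has more than `skew` seconds left before exp."""
    now = time.time() if now is None else now
    exp = jwt_expiry(token)
    return exp is not None and now + skew < exp


def build_api_request(api_key, access_token, params):
    """GET request carrying both mandatory parameters: API key and bearer token."""
    url = f"{JOBS_URL}?{parse.urlencode(params)}"
    return request.Request(url, method="GET", headers={
        "Content-Type": "application/json",
        API_KEY_HEADER: api_key,
        "Authorization": f"Bearer {access_token}",
    })
```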
API Request Example
API Response Example