...
There should be APIs to create, get and verify the master key.
create API
...
...
It will be used to create a key with the parameters channel, name and orgId.
Approach to generate Key
- Create JWT token with the data passed in. A JWT token will be created using a secret key and the data below:
  - channel
  - createdBy
  - createdOn
  - name
  - orgId
  - expiresOn
- Custom generated time based key
key generation type | pros | cons |
---|---|---|
JWT | no need to store the key in DB | |
Custom | method is already available, so it takes negligible time | key needs to be stored in db |
```
POST /v1/masterkey/create

Request body :
{
  "request" : {
    "channel" : "sunbird",            // channel name for which master key is generated
    "consumer" : "DikshaImplTeam",    // consumer name who will use the key
    "orgId" : "01262366359399628812"  // optional orgId to make the key org specific, default value is rootOrgId of channel
  }
}

Response body : (Success) 200
{
  "id": "api.masterkey.create",
  "ver": "v1",
  "ts": "2019-01-29 09:17:31:909+0000",
  "params": {
    "resmsgid": null,
    "msgid": "9db786d3-45c2-447d-b657-f9768da15652",
    "err": null,
    "status": "success",
    "errmsg": null
  },
  "responseCode": "OK",
  "result": {
    "key" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoic3VuYmlyZCIsIm5hbWUiOiJEaWtzaGFJbXBsVGVhbSIsImNyZWF0ZWRCeSI6MTUxNjIzOTAyMiwiY3JlYXRlZE9uIjoxNTE2MjM5MDIyLCJleHBpcmVzT24iOjE1MTYyNDkwMjIsIm9yZ0lkIjoiMjM0NTY1NDU2In0.Cs5-FW7OHip6njkQvMP6zpIVB5Q-xLLgz_jnYW3zPOw"
  }
}

Response body : (Error) 400
{
  "id": "api.masterkey.create",
  "ver": "v1",
  "ts": "2018-01-29 11:12:31:853+0000",
  "params": {
    "resmsgid": null,
    "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
    "err": "KEY_EXISTS",
    "status": "KEY_EXISTS",
    "errmsg": "Key exists for given channel sunbird and consumer DikshaImplTeam"
  },
  "responseCode": "CLIENT_ERROR",
  "result": { }
}
```
...
Table Structure
column | type | description |
---|---|---|
channel* | text | primary key consists of the user-provided channel name |
consumer* | text | provided by user |
orgId | text | provided by user or root org id mapped with channel |
createdby | text | user id who created the master key |
createdon | timestamp | created time |
In addition, a TTL will be put on the entry for a set time configured in the properties file.
get API
...
...
expireson | timestamp | when the token will be expired |
lastUpdatedBy | text | user who updated the token |
lastupdatedOn | timestamp | time when token was updated |
Errors
status code | error code | error message |
---|---|---|
400 | INVALID_CHANNEL | Channel value is Invalid |
400 | MANDATORY_PARAMETER_MISSING | Mandatory parameter {channel, name} is missing. |
400 | PARAMETER_MISMATCH | Mismatch of given parameters: channel, orgId. |
get API
```
POST /v1/masterkey/get

Request body :
{
  "request" : {
    "channel" : "sunbird",
    "consumer" : "DikshaImplTeam"
  }
}

Response body : (Success) 200
{
  "id": "api.masterkey",
  "ver": "v1",
  "ts": "2019-01-29 09:17:31:909+0000",
  "params": {
    "resmsgid": null,
    "msgid": "9db786d3-45c2-447d-b657-f9768da15652",
    "err": null,
    "status": "success",
    "errmsg": null
  },
  "responseCode": "OK",
  "result": {
    "key" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoic3VuYmlyZCIsIm5hbWUiOiJEaWtzaGFJbXBsVGVhbSIsImNyZWF0ZWRCeSI6MTUxNjIzOTAyMiwiY3JlYXRlZE9uIjoxNTE2MjM5MDIyLCJleHBpcmVzT24iOjE1MTYyNDkwMjIsIm9yZ0lkIjoiMjM0NTY1NDU2In0.Cs5-FW7OHip6njkQvMP6zpIVB5Q-xLLgz_jnYW3zPOw"
  }
}

Response body : (Error) 404
{
  "id": "api.masterkey",
  "ver": "v1",
  "ts": "2018-01-29 11:12:31:853+0000",
  "params": {
    "resmsgid": null,
    "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
    "err": "KEY_NOT_EXISTS",
    "status": "KEY_NOT_EXISTS",
    "errmsg": "Key does not exists for given channel sunbird"
  },
  "responseCode": "RESOURCE_NOT_FOUND",
  "result": { }
}
```
verify API
```
POST /v1/masterkey/verify

Request body :
{
  "request" : {
    "channel" : "sunbird",
    "key" : "1fb786d3-45c2-447d-b657-f9768da15348"
  }
}

Response body : (Success) 200
{
  "id": "api.masterkey.verify",
  "ver": "v1",
  "ts": "2019-01-29 09:17:31:909+0000",
  "params": {
    "resmsgid": null,
    "msgid": "9db786d3-45c2-447d-b657-f9768da15652",
    "err": null,
    "status": "success",
    "errmsg": null
  },
  "responseCode": "OK",
  "result": { }
}

Response body : (Error) 400
{
  "id": "api.masterkey.create",
  ...
    "err": "KEY_NOT_EXISTS",
    "status": "KEY_NOT_EXISTS",
    "errmsg": "Key does not exists for given channel sunbird"
  },
  "responseCode": "RESOURCE_NOT_FOUND",
  "result": { }
}
```
verify API
```
POST /v1/masterkey/verify

Request body :
{
  "request" : {
    "key" : "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJjaGFubmVsIjoic3VuYmlyZCIsIm5hbWUiOiJEaWtzaGFJbXBsVGVhbSIsImNyZWF0ZWRCeSI6MTUxNjIzOTAyMiwiY3JlYXRlZE9uIjoxNTE2MjM5MDIyLCJleHBpcmVzT24iOjE1MTYyNDkwMjIsIm9yZ0lkIjoiMjM0NTY1NDU2In0.Cs5-FW7OHip6njkQvMP6zpIVB5Q-xLLgz_jnYW3zPOw"
  }
}

Response body : (Success) 200
{
  "id": "api.masterkey.verify",
  "ver": "v1",
  "ts": "2019-01-29 09:17:31:909+0000",
  "params": {
    "resmsgid": null,
    "msgid": "9db786d3-45c2-447d-b657-f9768da15652",
    "err": null,
    "status": "success",
    "errmsg": null
  },
  "responseCode": "OK",
  "result": {
    "channel": "sunbird",
    "consumer": "DikshaImplTeam",
    "createdBy": "00dd6646-be73-4fb0-b676-ccd01bda085e",
    "createdOn": 1516239022,
    "expiresOn": 1516249025,
    "orgId": "01262366359399628812"
  }
}

Response body : (Error) 400
{
  "id": "api.masterkey.create",
  "ver": "v1",
  "ts": "2018-01-29 11:12:31:853+0000",
  "params": {
    "resmsgid": null,
    "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
    "err": "INVALID_KEY",
    "status": "KEY_NOT_EXISTS",
    "errmsg": "Provided key for channel sunbird is invalid"
  },
  "responseCode": "CLIENT_ERROR",
  "result": { }
}
```
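An added example, not part of the original page or the project's code: a sketch of the JWT approach, where create signs the listed claims with HS256 and verify recovers them from the key alone, with no database lookup. The secret, the TTL value, the function names and the single INVALID_KEY failure mapping are assumptions.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: server-side secret, never sent to clients
TTL_SECONDS = 604800                 # assumption: key lifetime of 7 days

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def create_master_key(channel, name, org_id, created_by, now=None):
    """Pack the claims from the design into an HS256-signed JWT."""
    now = int(now if now is not None else time.time())
    header = {"alg": "HS256", "typ": "JWT"}
    claims = {"channel": channel, "name": name, "orgId": org_id,
              "createdBy": created_by, "createdOn": now,
              "expiresOn": now + TTL_SECONDS}
    signing_input = ".".join(
        _b64(json.dumps(part, separators=(",", ":")).encode())
        for part in (header, claims))
    sig = hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64(sig)

def verify_master_key(key, now=None):
    """Return the claims of a valid key, else raise ValueError("INVALID_KEY")."""
    now = int(now if now is not None else time.time())
    try:
        head_b64, body_b64, sig_b64 = key.split(".")
        # Pin the algorithm server-side; never let the token choose it.
        if json.loads(_unb64(head_b64)).get("alg") != "HS256":
            raise ValueError
        expected = hmac.new(SECRET, f"{head_b64}.{body_b64}".encode(),
                            hashlib.sha256).digest()
        # Check the signature in constant time before trusting any claim.
        if not hmac.compare_digest(expected, _unb64(sig_b64)):
            raise ValueError
        claims = json.loads(_unb64(body_b64))
        if claims["expiresOn"] <= now:
            raise ValueError
    except (ValueError, KeyError, TypeError, AttributeError):
        # One error for every failure, so callers learn nothing about why.
        raise ValueError("INVALID_KEY") from None
    return claims
```

Because nothing is stored, a key issued this way cannot be revoked before its expiresOn without rotating the secret or keeping a deny list.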
approach 2:
The previous approach creates a master key based only on channel. This can be modified to create a master key based on organisation too. The change is that a type can also be passed in the request. The generated key will be stored with type and value, as (channel, abc) or (orgId, "org01").
```
Request body :
{
  "request" : {
    "value" : "sunbird",
    "type" : "channel"   // channel or orgId
  }
}
```
The get API will be modified to include the type:
GET /v1/masterkey/{type}/{value}
The verify API will include an additional type parameter:
```
{
  "request" : {
    "value" : "sunbird",
    "type" : "channel",
    "key" : "1fb786d3-45c2-447d-b657-f9768da15348"
  }
}
```
This also means that the table will have another column, "type", which will be used to fetch the key accordingly.
Other behavior remains the same.
approach 3:
...
"ts": "2018-01-29 11:12:31:853+0000",
"params": {
"resmsgid": null,
"msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
"err": "INVALID_KEY",
"status": "INVALID_KEY",
"errmsg": "Provided key for channel sunbird is invalid"
},
"responseCode": "CLIENT_ERROR",
"result": {
}
}
approach 2:
The previous approach considers a master key that expires after a certain duration. It can be modified to include a refresh token, which can be used to generate a new master key. Note that the refresh token has its own expiry; after that, a new master key and refresh token must be created with a create API call.
...
```
{
  "id": "api.masterkey.create",
  "ver": "v1",
  "ts": "2019-01-29 11:18:31:909+0000",
  "params": {
    "resmsgid": null,
    "msgid": "9db786d3-45c2-447d-b657-f9769da15652",
    "err": null,
    "status": "success",
    "errmsg": null
  },
  "responseCode": "OK",
  "result": {
    "key" : "3gh686e3-45c2-447d-b657-b3364da84351",
    "expiresOn": 30,
    "refreshToken": "3ab586d3-45c2-447d-b657-g9768da13730"
  }
}

Response for expired key : (Error) 400
{
  "id": "api.masterkey.create",
  "ver": "v1",
  "ts": "2018-01-29 11:21:31:853+0000",
  "params": {
    "resmsgid": null,
    "msgid": "8e27cbf5-e299-43b0-bca7-8347f7e5abcf",
    "err": "INVALID_KEY",
    "status": "INVALID_KEY",
    "errmsg": "Either the key doesn't exists or it has been expired"
  },
  "responseCode": "CLIENT_ERROR",
  "result": { }
}
```
Table structure
column | type | description |
---|---|---|
channel | text | primary key as channel name |
key | text | master key generated |
refresh_token | text | refresh token generated |
key_expiry | timestamp | time when current master key will be expired |
createdby | text | user id of the user who created the entry |
createdon | timestamp | time when entry was created |