Changelog
Introduction

Sections

Changelog

Theme switcher

Authentication

Our system implements a security mechanism that utilizes token-based authorization to ensure secure resource access. The authentication process involves using an Authorization header, following the token scheme. This section outlines the steps required for obtaining and using the authentication token to access protected resources.

Security Best Practices

To ensure the highest security standards, all communication with our services should be performed over encrypted channels (for example, using SSL/TLS protocols). Unencrypted or insecure connections are not recommended and may be rejected by the server. In particular, please make sure to always connect to the secure port (e.g., 443) assigned for encrypted traffic.

Note: Attempting to establish unencrypted connections or using insecure credentials may cause authentication or connection failures. Always utilize encrypted methods and secure credentials.

Obtaining the Token

The authentication token is obtained from our Customer Relationship Management (CRM) system. You must first authenticate yourself within the CRM to receive a token. This token acts as a digital key, granting access to the system's resources for the duration of the token's validity. Tokens are valid until revoked.

Using the Token for Access

Once the token is obtained, it must be included in the request to access secured resources within our system. The token is added to the HTTP request's header as follows:

Plain text
Authorization: Bearer <Your_Token_Here>

Incorporating Authorization in gRPC Requests

In gRPC, the traditional concept of HTTP headers is abstracted through metadata, allowing for the transmission of key-value pairs alongside RPC calls. To secure gRPC services with token-based authentication, the Authorization metadata (with the Bearer prefix) must be included with each call. This process is similar to using the Authorization header in HTTP requests but is adapted to fit the gRPC framework.

Adding the Authorization Metadata

To include an authentication token in a gRPC request, the token must be added as metadata using the 'Authorization' key, followed by the Bearer token value. This ensures that the server side of the gRPC service can authenticate the request by validating the token.

Code Example (Python)

Below is a generic example of how to add the Authorization metadata in a gRPC client application. The implementation may vary depending on the programming language and gRPC library used.

Plain text
import grpc

# Create a secure gRPC channel (recommended)
channel = grpc.secure_channel('your_grpc_service_endpoint:443', grpc.ssl_channel_credentials())

# Prepare metadata with the Authorization token
metadata = [('Authorization', 'Bearer <Your_Token_Here>')]

# Create a stub (client)
stub = YourServiceStub(channel)

# Make a call with the Authorization metadata
response = stub.YourRpcMethod(request, metadata=metadata)

Replace <Your_Token_Here> with the actual token obtained from your CRM system, and adjust YourServiceStub and YourRpcMethod to match your gRPC service definition.

Was this section helpful?

What made this section unhelpful for you?

On this page
  • Authentication