This guide describes the API services provided by the OT Rainbow authentication portal. These services are used to manage OT Rainbow authentication.
A REST interface is used for sending and receiving OT Rainbow API messages.
HTTP GET requests are used. Standard HTTP responses provide the requested information or an error status. There is no notion of session in the OT Rainbow system, so requests can be issued according to a stateless model, without keeping the transport connection between them.
JSON is the main format for data encoding in the message body. Each request path starts with the pattern /{module}/{version}/, where {module} is the name of the portal module to address and {version} is the version of the API used, for example “v1.0”.
Each request should contain credential information to authenticate itself. Standard HTTP authentication with basic/bearer modes is used. The JSON Web Token (JWT) mechanism is used to provide authentication information. The JWT has an expiry timeout that is controlled by the OT Rainbow portal to prevent very long token usage. Authentication with an application token is also used. The token must be provided in the request HTTP header, using a custom header: APIKey. On the server side, the token is verified, and if it doesn't match, a 403 Not Allowed response is sent. TLS is used as the transport protocol for message exchanges between the OT Rainbow portal and an application.
To access the API, a valid JWT or a valid OAuth access token has to be provided; it must be passed in all queries in the 'Authorization' header.
Security Scheme Type | API Key |
---|---|
Header parameter name: | Authorization |
This API allows Rainbow users to login.
The application is also authenticated during the user login.
If login is successful and multi-factor authentication isn't activated for user (or activated but not configured), the API returns a JSON Web Token (JWT) which has to be provided by clients for all Rainbow APIs requiring user authentication:
The JWT returned contains the following data in payload:
{
  "countRenewed": 0, // Number of times the token has been renewed
  "maxTokenRenew": 5, // Number of times the token can be renewed
  "user": {
    "id": "572756967bfbca0d0e09a6b4", // Logged in user id
    "loginEmail": "user@company.com" // Logged in user loginEmail
  },
  "app": {
    "id": "598983029db9b5b14693a6f0", // Application id used for the authentication
    "name": "My App" // Application name
  },
  "iat": 1463588327, // (Issued At) Time at which the JWT was issued
  "exp": 2183588327 // (Expiration Time) Expiration time after which the JWT won't be accepted
}
If the login / password combination is wrong, an error 401 is returned (errorDetailsCode 401500).
If the appId / appSecret combination is wrong, an error 401 is returned (errorDetailsCode 401500).
The following login protection is implemented:
401500 is returned.
401501 is returned: the user account is locked for the given time period.
401501 will be returned for each new login attempt for this user account (even if a good login / password combination is provided). If the login / password combination is wrong, the locked time period restarts from this new wrong attempt.
If multi-factor authentication is activated for the user and enabled, depending on the configuration of the selected policy, the API may return a JSON Web Token (JWT) which has to be provided by clients for all Rainbow MFA APIs requiring user authentication:
The JWT returned contains the following data in payload:
{
  "maxTokenRenew": 0, // Number of times the token can be renewed
  "user": {
    "id": "572756967bfbca0d0e09a6b4", // Logged in user id
    "loginEmail": "user@company.com" // Logged in user loginEmail
  },
  "app": {
    "id": "598983029db9b5b14693a6f0", // Application id used for the authentication
    "name": "My App" // Application name
  },
  "mfaType": "totp",
  "iat": 1463588327, // (Issued At) Time at which the JWT was issued
  "exp": 2183588327 // (Expiration Time) Expiration time after which the JWT won't be accepted
}
Warning
x-rainbow-app-auth required | string Application authentication Basic <base64encode( |
x-rainbow-client-version | string The client version. The client version is used to verify if the client application has the minimal version required to use the Rainbow servers infrastructure. If the version of the client is under the configured minimal version, the login is refused and an error 403 is returned (403020). The minimal version required is set by the Rainbow infrastructure team when needed (for example, when some breaking changes have been added on server side, when a security issue has been identified on client side, ...). Client version example: 1.75.0 |
x-rainbow-trusted-appid | string An id associated with the application that performs the login operation. This id is checked against the ones stored in the database when multi-factor authentication is activated for the user and configured to run only for untrusted applications. |
accept required | string application/json |
{
  "errorCode": 401,
  "errorMsg": "Unauthorized",
  "errorDetails": "User 5c00f9bdcf5d6c01cc8ff4b5 has a Voice Phone license. He is not authorized to log in to Rainbow.",
  "errorDetailsCode": 401223
}
This API allows Rainbow users to logout.
Note: This API must not be called with ApiKey as authentication method.
accept required | string application/json |
{
  "status": "User user1@company.com successfully logged out",
  "data": [ ]
}
This API allows Rainbow users to renew their JSON Web Token (JWT), thus extending the expiration date of their current JWT.
This API requires the user to be authenticated with a valid, non-expired JWT.
If so, a new JWT is returned, with the expiration date starting from now.
Warning:
x-rainbow-client-version | string The client version. The client version is used to verify if the client application has the minimal version required to use the Rainbow servers infrastructure. If the version of the client is under the configured minimal version, the JWT renew is refused and an error 403 is returned (403020). The minimal version required is set by the Rainbow infrastructure team when needed (for example, when some breaking changes have been added on server side, when a security issue has been identified on client side, ...). Client version example: 1.75.0 |
accept required | string application/json |
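An added example, not part of the Rainbow documentation or its SDKs: a client-side helper that reads the exp, countRenewed and maxTokenRenew fields of the payloads shown above to decide whether to keep using a JWT, call the renew API, or perform a full login. The function names, the 300-second margin and the sample tokens are assumptions constructed for illustration; the payload is decoded without signature verification, which is acceptable only for scheduling because the portal still validates the token on every request.

```python
import base64
import json
import time


def jwt_payload(token):
    """Decode a JWT payload WITHOUT verifying the signature (scheduling only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    segment = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    payload = json.loads(base64.urlsafe_b64decode(segment))
    if not isinstance(payload, dict):
        raise ValueError("JWT payload is not a JSON object")
    return payload


def renewal_action(token, now=None, margin=300):
    """Return 'use', 'renew' or 'login' for this token at time `now` (epoch s)."""
    claims = jwt_payload(token)
    now = time.time() if now is None else now
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or now >= exp:
        return "login"  # the renew API only accepts a non-expired JWT
    if exp - now > margin:
        return "use"  # plenty of lifetime left, do not spend a renewal
    # MFA-stage payloads carry maxTokenRenew 0 and no countRenewed field.
    left = claims.get("maxTokenRenew", 0) - claims.get("countRenewed", 0)
    return "renew" if left > 0 else "login"


def make_sample_token(claims):
    """Build a constructed, unsigned sample token (placeholder signature)."""
    def b64(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([b64({"typ": "JWT", "alg": "RS256"}), b64(claims), "c2ln"])


if __name__ == "__main__":
    # Constructed payloads shaped like the two examples on this page.
    user = make_sample_token(
        {"countRenewed": 0, "maxTokenRenew": 5, "iat": 1000, "exp": 4600})
    mfa = make_sample_token(
        {"maxTokenRenew": 0, "mfaType": "totp", "iat": 1000, "exp": 4600})
    for label, tok in (("user", user), ("mfa", mfa)):
        print(label, [renewal_action(tok, now=n) for n in (1000, 4400, 4600)])
```

A token whose renewal budget is exhausted is reported as 'login' once it enters the margin, so the client can re-authenticate before requests start failing.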
{
  "token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJ1c2VyIjp7ImlkIjoiNTZjNWMxOWY5NDE0MTc2NTExOWY4OTZjIiwibG9naW5FbWFpbCI6InVzZXIxQGNvbXBhbnkuY29tIn0sImlhdCI6MTQ1NjE1MTYzOCwiZXhwIjoxNDU2MTU4ODM4fQ.FlPLNcWY9pTr0QvMj3RpLZJxtqbbydNnWIEr-B2lc4Y6ea41bqJJ-e10Sk_S-1blnG71E7yT625qrkO-UCc0ywR6lWCylcAUkH7-fvjKQbET2mU-4yuNwTd-sNHGzGabgr4n5xtUSMaDunjDgF1kQDZ-dEFPF5NtbN1rdqZP9tzTXrpZ6rmrW2a1o13-hHl7sxN_FqHr_4u_8AhN4dMKUgG0qRjrc1GMJ88M8idH9zTsejU5YQyJqdYQS9T_fSoFzJtS0rmwNCJMdeF2tXj8YQeTjKAiPXoBwklm5xblHxWeCTz9tqfkw1XeNxSO0pOUmpwdpF8kbwDCCa2rgz1z3A",
  "mfaRequired": false,
  "loggedInUser": {
    "id": "56c5c19f94141765119f896c",
    "loginEmail": "user1@company.com",
    "loginPhone": {
      "isValidated": true,
      "E164": "+33312345678",
      "national": "0312345678",
      "nationalWithoutPrefix": "312345678",
      "E164WithoutPrefix": "33312345678",
      "E164WithNationalPrefix": "+330312345678",
      "E164WithNationalPrefixWithoutPrefix": "330312345678"
    },
    "firstName": "Firstname",
    "lastName": "Lastname",
    "displayName": "Firstname Lastname",
    "nickName": "Nickname",
    "title": "Mr.",
    "jobTitle": "Research and Development",
    "emails": [
      {
        "email": "user1@company.com",
        "type": "work"
      },
      {
        "email": "user1@home.com",
        "type": "home"
      }
    ],
    "phoneNumbers": [
      {
        "shortNumber": "1002",
        "pbxId": "PBX712e-bd96-0c27-4350-a3ff-dc0c-83e7-c246",
        "systemId": "57dc0644f44a97c9155cd462",
        "country": "FRA",
        "number": "0390676767",
        "numberE164": "+33390676767",
        "phoneNumberId": "58876dad81e063e01187dd24",
        "isMonitored": true,
        "isFromSystem": true,
        "deviceType": "landline",
        "type": "work"
      },
      {
        "number": "0390909090",
        "country": "FRA",
        "numberE164": "+33390909090",
        "phoneNumberId": "577e2e9b86c953de7838d635",
        "systemId": null,
        "isFromSystem": false,
        "deviceType": "landline",
        "type": "home"
      },
      {
        "number": "0690909090",
        "country": "FRA",
        "numberE164": "+33690909090",
        "phoneNumberId": "577e2e9b86c953de7838d636",
        "systemId": null,
        "isFromSystem": false,
        "deviceType": "mobile",
        "type": "home"
      }
    ],
    "country": "FRA",
    "language": "fr-FR",
    "timezone": "Europe/Paris",
    "jid_im": "2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com",
    "jid_tel": "tel_2d2f1aaf5ce54a2dbae9d70490366562@openrainbow.com",
    "jid_password": "3b3f6e2c927940b2875f1ec604c0363b",
    "roles": [
      "user",
      "superadmin"
    ],
    "adminType": "undefined",
    "companyId": "569ce8c8f9336c471b98eda1",
    "companyName": "My company",
    "isInDefaultCompany": false,
    "organisationId": null,
    "siteId": null,
    "visibility": "same_than_company",
    "isActive": true,
    "isInitialized": true,
    "initializationDate": "2016-01-18T13:30:44.498Z",
    "activationDate": "2016-01-18T13:29:44.498Z",
    "creationDate": "2016-01-18T12:45:44.498Z",
    "lastUpdateDate": "2016-01-19T16:33:22.548Z",
    "lastAvatarUpdateDate": "2016-01-19T11:29:11.567Z",
    "createdBySelfRegister": true,
    "createdByAdmin": {
      "userId": "56d69d020c92b35b3041d433",
      "loginEmail": "superadmin@localhost.fr"
    },
    "invitedBy": {
      "invitationId": "574ffe07170a86f3297bc35b",
      "invitationDate": "2016-01-15T13:29:44.498Z",
      "userId": "56d69d020c92b35b3041d533",
      "loginEmail": "user0@company.com"
    },
    "firstLoginDate": "2016-01-18T13:29:44.498Z",
    "lastLoginDate": "2016-02-23T09:17:42.523Z",
    "loggedSince": "2016-02-23T09:17:42.523Z",
    "isTerminated": false,
    "guestMode": false,
    "profiles": [
      {
        "isDefault": true,
        "status": "active",
        "canBeSold": false,
        "businessModel": "none",
        "businessSpecific": [
          "NONE"
        ],
        "isExclusive": false,
        "isPrepaid": false,
        "hasConference": false,
        "isBundle": false,
        "assignationDate": "2017-02-17T13:35:27.427Z",
        "provisioningNeeded": [ ],
        "subscriptionId": "5808da2e35d795966e61f9ce",
        "offerId": "58079ed2041fa586e92337cd",
        "offerName": "Essential",
        "profileId": "580777f56fbd22a442d4fb57",
        "profileName": "Essential",
        "offerReference": "RB-Essential",
        "offerDescription": "Rainbow Essential offer",
        "offerTechnicalDescription": "Essential"
      }
    ],
    "customData": {
      "key1ANumber": 123,
      "key2AString": "a string",
      "key3ABoolean": true,
      "key4AnObject": {
        "myKey": "My value"
      }
    },
    "fileSharingCustomisation": "enabled",
    "userTitleNameCustomisation": "enabled",
    "softphoneOnlyCustomisation": "disabled",
    "useRoomCustomisation": "enabled",
    "phoneMeetingCustomisation": "enabled",
    "useChannelCustomisation": "enabled",
    "useScreenSharingCustomisation": "enabled",
    "useWebRTCAudioCustomisation": "enabled",
    "useWebRTCVideoCustomisation": "enabled",
    "instantMessagesCustomisation": "enabled",
    "userProfileCustomisation": "enabled",
    "fileStorageCustomisation": "enabled",
    "overridePresenceCustomisation": "enabled",
    "changeTelephonyCustomisation": "enabled",
    "changeSettingsCustomisation": "enabled",
    "recordingConversationCustomisation": "enabled",
    "useGifCustomisation": "enabled",
    "useDialOutCustomisation": "enabled",
    "fileCopyCustomisation": "enabled",
    "fileTransferCustomisation": "enabled",
    "forbidFileOwnerChangeCustomisation": "enabled",
    "readReceiptsCustomisation": "enabled",
    "useSpeakingTimeStatistics": "enabled",
    "useTeamsMode": "enabled",
    "selectedAppCustomisationTemplate": null,
    "useRoomAsRBVoiceUser": "disabled",
    "useWebRTCAudioAsRBVoiceUser": "disabled",
    "canAccessWhatsNew": "enabled",
    "canAccessFaqCustomisation": "enabled",
    "canAccessHelpCenterCustomisation": "enabled",
    "canAccessStoreCustomisation": "disabled",
    "canDownloadAppCustomisation": "enabled",
    "canUseTestConfigCustomisation": "enabled",
    "canUseSendReportCustomisation": "enabled",
    "canUseTaskCustomisation": "enabled",
    "canCallParticipantPbxNumberCustomisation": "enabled",
    "canSetInvisiblePresenceCustomisation": "enabled"
  },
  "loggedInApplication": {
    "id": "08ad88a0028011e8bd1a8788ab975478",
    "name": "My application",
    "type": "web",
    "activity": "J",
    "ownerId": "573f189f774e0a428ee813a3",
    "dateOfCreation": "2018-05-04T14:12:41.413Z",
    "dateOfDeploymentRequest": "2018-06-18T07:22:16.530Z",
    "dateOfDeployment": "2018-06-18T07:22:16.530Z",
    "env": "deployed",
    "state": "active",
    "platform": "official"
  }
}