Versions Compared

Version Old Version 12 New Version 13
Changes made by

Karol Januszewski

Karol Januszewski

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Excerpt

Overview


This page describes a fast example of security integration in a 3rd-party service.
The example is based on the current state of the regression environment.


Nutrition OAuth 2.0 Provider is authorization provider for Nutrition Mulesoft APIs. It is dedicated for Machine To Machine (M2M) integrations.

Required precondition:

  • Mulesoft applications created in Reckitt Anypoint Exchange with client_id and client_secret :
    • one for non-prod environment
    • second for production

To achieve this precondition, either way is the proper way 'on request' / 'self service':

On request:

If you don't have access to Reckitt Exchange, please submit your request by creating a Jira Ticket → NUTRITNG JiraBoard Link

Self service:

If you already have access to Reckitt Exchange please follow these steps:

Expand

Request for access to the Nutrition OAuth 2.0 Provider → Exchange Link :

  • CDP-STAGE: with your non-prod application
  • CDP-PROD: with your production app

The request will be reviewed within 2 business days.

Application name should:

  • describe the API Consuming System
  • indicate NON-PROD / PROD environment of the API Consuming System as a suffix

Examples:

  • 'SFMC Pop-up sync for ASEAN Profiles PROD' :  (tick) - does describe the system and the environment
  • 'POC Salesforce Mulesoft Data Integration' :  (error) - does not describe the system, does not indicate the environment



Proper authentication:


The steps are:

  1. Create Authorization Token
  2. Consume API with the Token


1. Create Authorization Token

To do that need to send a proper request according to below specification:

Method: POST

Endpoints

  • Stage: https://api.cdp-rb.com/stage/v1/oauth/token
  • Production: https://api.cdp-rb.com/v1/oauth/token

Payload (type: application/json):

  • client_id - String, mandatory
  • client_secret - String, mandatory
  • grant_type - String, mandatory, enums: [CLIENT_CREDENTIALS]

  example request:


Code Block
languagejs
titlerequest payload
{
    "client_id": "459c3f28a4154781bc3bu7ec464ape9c",
    "client_secret": "1FbDA0fF59cA4dD9B5183E28de594Bc1",
    "grant_type": "CLIENT_CREDENTIALS"
}


example response payloads:



Code Block
languagejs
titlesuccessful response: 200
{
    "access_token": "dfstzdakvbiRzhSZdw7HKwe0QkbiTFQoaJiP0yx3HWAxbq3mX_zpsW-EOj0_CZHImnkgIFhIF8kOm5HjYqs96Q",
    "token_type": "Bearer",
    "expires_in": 1800
}


Code Block
titlebad request: 400
{
    "message": "Bad request: /grant_type LOREM IPSUM is not a valid enum value"
}


Code Block
titleincorrect client_id client_secret combination: 401
{
    "error": "Invalid client id or secret"
}


Code Block
titlequota exceeded: 429
{
    "error": "Quota has been exceeded"
}

Create Authorization Token Rate Limiting

This endpoint to create Authorization Tokens has an SLA Based Rate Limiting as follows:

  • the rate limiting is applied equally for all Clients
  • maxium 5 HTTP calls within 30 seconds for a Client

Authorization Token Time To Live (TTL)

  • the maximum TTL for a token is 1800 seconds  ( 30 minutes )
  • no token refreshing is available


Authorization Token Caching

Caching the Token is highly advised especially considering the 2 factors of described above:

  • the Rate Limiting of OAuth Provider
  • Token TTL



2. Consume API with the Token

For each HTTP request on the API that you would like to consume, add the Token as an HTTP Header:

Code Block
languagejs
Authorization: Bearer dfstzdakvbiRzhSZdw7HKwe0QkbiTFQoaJiP0yx3HWAxbq3mX_zpsW-EOj0_CZHImnkgIFhIF8kOm5HjYqs96Q


For example:

Code Block
languagejs
titleexample Curl on Profile Service
curl --location --request POST 'https://api.cdp-rb.com/stage/v2/profile' \
--header 'accept-language: en-US' \
--header 'program-code: RBGBRVEE' \
--header 'brand-org-code: RBGBRVEE' \
--header 'account-source: GBRVEEECOMFORM' \
--header 'Authorization: Bearer dfstzdakvbiRzhSZdw7HKwe0QkbiTFQoaJiP0yx3HWAxbq3mX_zpsW-EOj0_CZHImnkgIFhIF8kOm5HjYqs96Q' \
--header 'Content-Type: application/json' \
--data-raw '{"Emails":[{"EmailAddress":"karol-test-1@lorem-ipsum.com","DeliveryStatus":"G"}],"SourceCode":"RBGBRVEEWEB","TierCode":"RBGBRVEETIER1","JsonExternalData":{"Agreements":[{"BusinessId":"HARPIC/IN/EN/TC/LT/a031t000004LCVcAAO_","RevisionId":"a042p000019RVIeAAO","ConsentAcceptedInd":true,"ConsentDesc":"TC","MandatoryInd":true},{"BusinessId":"HARPIC/IN/EN/PP/LT/a031t000004M5udAAC_","RevisionId":"a042p000019RVeDAAW","ConsentAcceptedInd":true,"ConsentDesc":"PP","MandatoryInd":true},{"BusinessId":"HARPIC/IN/EN/CP/LT/a031t000004wHoVAAU_","RevisionId":"a042p000019RT0WAAW","ConsentAcceptedInd":true,"ConsentDesc":"CP","MandatoryInd":true}]}}'


...