Need a Access token for API

Hi

I have two apps running in one Pantaris project, one is a app another is a api.
When app wants to connect and call api endpoints it is asking access token.
We tried providing process.env.ACCESS_TOKEN at server side and localStorage.get(‘calponia.user.accessToken’) at client side but both did not worked were giving undefined.

We even tried all solutions mentioned here link but were unable to detect ctl command in exec pod.

Can you provide us a solution to have access token.

Hello rizwannargundkar,

currently we have no dedicated concept for app-to-app communication in the same project.

We know it is crucial for connected workflows and we are working on it.

For now you could create a device and for the device create a token. This token can access both applications. In order to let your app create a device token you will have to create a dedicated app manifest: Documentation | PANTARIS

The permission to create a device token is a special one and has to be requested explicitly. Additionally it will not work in an app sandbox but only for approved productive apps.

Here is what it could look like:

{
  "version": "0.0.1",
  "permissions": {
    "backend": [
      {
        "id": "project.CURRENT.devices.refresh-accesstoken"
      }
    ],
    "frontend": [ ]
  }
}

I hope that clarifies your question :slight_smile:

Is it possible to call this api below
Pantaris API CIAM
here I need the CIAM login code of the user. from where can I get that code ciam?

You can call it, but it will redirect the current user to the login. If its called from a backend it will not work because you will get a redirect to the user login promt.

The CIAM login code is returned after the user logged in, thats the only way to get it. Its purpose is to be secret and not used by anyone else that the real user on login. You do not have to take care of it. If the user is accessing your application. We will check if he is logged in and has access to the app and redirect him to the login if needed.

If you need an accesstoken, you can use the method i described above.

Hi @hans.ferchland

That https://api.pantaris.io/v2/users/login/ciam gives token in the response of current user so thought to give a try.
But anyway I will try what you suggested and provide you feedback.

and one more api is available GET access token
which provide the access token but require id which again we don’t know from where we get it.

If you create a device accesstoken you will once get the plain token (you can use for whatever you need it) and also the id. Even with the id, you can only check if it exists, you will never again get the plain token, so make sure to save it the first time.

1 Like

Find more information about how and when to use which token here: Documentation | PANTARIS

1 Like

We want this app to work in sandbox… it is still not a productive app.

I tried all the mentioned points from the given link authorization nothing worked.

Need help on how to setup Pantaris CTL.
It was unable to detect Pantaris CTL command.

Hello @rizwannargundkar,

this may expose a security risk and is therefore not possible for now. We already have concepts to allow this also for sandbox apps, but this will take some more time.

As a workaround you could use a hardcoded equipment token from a test project (only for the sandbox, never do this in production).

This is an experimental feature designed to control and inspect your app from your local computer, it is not designed for app to app communication at all.

Hello @rizwannargundkar !

The links given by @thomas.schuerle are basically correct, however some kind of incomplete.
What is missing there is the hint, how to use that token for the generated (IoT) Device.

You find this hint in the Pantaris API Documentation - quite prominently in the first section Authorization. It explains how you have to give your Device’s Token as an HTTP Header when hitting your Pantaris-hosted API.

Authorization: Token <your token goes here>

To conclude: all information is available, indeed, but it’s scattered and spread across various documentation sources.

Can we use device token to communicate between the apps in one PANTARIS projects?

yes, i answered this in the beginning:

Hi

  • I have created the mentioned manifest and published the same but still I see the access token issue.

  • Is there is a way to test this before I publish, Since publish has some process which takes sometime. and we cannot publish every often to test this access token issue in productive.

Hi Hans @hans.ferchland ,

Any idea about our issue as mentioned by Rizwan? It is really urgent and we cannot perform further for the features we promised to our customer.

Thanks again for your support!

br,
Wanli

1 Like

Hey there, just to answer this question in the meantime:

You can test your applications using user- or custom-tokens, which have the required permissions. For example you can read out our user token (which should be a project owner) and use this for testing.

Hi David

  1. If we retrieve the access token from the user- or custom-tokens or from cookie storage, it operates at the user level. However, we encountered an issue where the access token is only valid within our project. If we provide our application to another project, their access token will be invalid, resulting in non-functional APIs.
  2. ((Two app’s communicating inside pantaris) : We have two applications, a backend app and a frontend app, that communicate with each other. The backend app exposes APIs, while the frontend app consumes them. Both apps are hosted in Calponia. In order for the frontend app to communicate with the backend, we need to include an access token in the headers to access the APIs. However, using the approach mentioned above won’t work since the access token is specific to each user. The manifest solution is also not applicable in this scenario. We require an automatic access token generation mechanism, and we need to pass the generated token value in the headers of the frontend app.
  3. I have created the mentioned manifest and published the same but still I see the access token issue.

Hello,

As i said, there is currently no way to test the refresh-accesstoken permission in sandboxes. You could publish the application as confidential application. It will take some time until approved, but i see it as the current only way.

We have already a plan on how to improve this in the future.

Kind Regards,
Hans Ferchland

Hello Hans,

We are exposing MultiEndpoints Documentation | PANTARIS so where to keep the manifest.json file in this case??

ok, understood.
But it seems still not working even we publish the app. See comments above from Rizwan.
I think Rizwan is in contact with other colleagues. I hope this will be solved soon!
Thank you anyway!

br, Wanli

1 Like