To keep the user's password out of third-party hands, the authentication process lets an application obtain an authentication token without ever handling the user's account login information. Upon successful completion of this process, the external application is provided with credentials for the related user. The credentials are unique to the user + application pair.
The user can revoke the application's access to their account at any time by managing their third-party applications directly within their Datawitness account.
The authentication process shown below illustrates the interactions between the three entities involved: the web application, Datawitness, and the user.
1. When the web application needs to access a user's account, it constructs a GET request that includes the app's API key and the URL to which the user should be redirected upon completion, and sends the user to Datawitness with it (check the examples page for ways to do this).
2. The user logs in to Datawitness and is presented with an "Authorize Application" page, which prompts the user to allow the third-party application access to their account.
3. Once the user clicks Authorize, a unique password is generated for the user + application pair and the user is notified that authorization has succeeded.
4. If the user has logged in and granted access, the authentication process redirects the user back to the web application's URL. The redirect contains an authentication token for the user's account. Because the token travels in that redirect, the return URL should be served over HTTPS and the token handled with the same care as a password.
5. The web application contacts the Datawitness API, passing the API key in a header and performing HTTP digest authentication with the user credentials, to act as an agent for the user.
6. If Datawitness validates both the token and the digest username/password, it supplies the requested data.
Every subsequent request authenticates as described in steps 5 and 6.
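The flow above as an added, offline walkthrough (example code, not Datawitness's own client or documentation): it builds the step 1 authorization URL, recovers the credentials from the step 4 redirect while rejecting a redirect that landed anywhere other than the registered return URL, assembles the step 5 request with the API key header plus an RFC 2617 Digest proof, and runs the step 6 check the way a verifying service would. The base URL, the /authorize path, the api_key/return_url/user/token parameter names, the X-Api-Key header name, the realm, and the use of the redirect token as the digest secret are all assumptions; the page does not state them.

```python
"""Added walkthrough of the authorization flow described above (example code,
not Datawitness's own client). Endpoint path, parameter names, header name,
realm and the use of the redirect token as the digest secret are assumptions."""
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

DATAWITNESS_BASE = "https://datawitness.example/api"  # assumed base URL
API_KEY_HEADER = "X-Api-Key"                           # assumed header name
REALM = "datawitness"                                  # assumed digest realm


def build_authorize_url(api_key: str, return_url: str) -> str:
    """Step 1: the GET the web app sends the user to (parameter names assumed)."""
    query = urlencode({"api_key": api_key, "return_url": return_url})
    return f"{DATAWITNESS_BASE}/authorize?{query}"


def credentials_from_redirect(redirect_url: str, registered_return_url: str):
    """Step 4: recover (user, token) from the redirect back to the web app.
    Accept the token only if the redirect landed on the return URL we
    registered, so a token dropped on some other page is never trusted."""
    parts = urlsplit(redirect_url)
    landed = urlunsplit((parts.scheme, parts.netloc, parts.path, "", ""))
    if landed != registered_return_url:
        raise ValueError("redirect did not land on the registered return URL")
    params = parse_qs(parts.query)
    if "user" not in params or "token" not in params:
        raise ValueError("redirect is missing user or token")
    return params["user"][0], params["token"][0]


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, secret, method, uri, nonce, nc, cnonce):
    """RFC 2617 digest with qop=auth: proves knowledge of the secret without
    sending it; the verifier recomputes the same value."""
    ha1 = _md5(f"{user}:{realm}:{secret}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def build_api_request(api_key, user, secret, method, uri, nonce):
    """Step 5: API key in its own header plus a Digest Authorization header
    built from the per-user+app credentials. `nonce` is the server's challenge."""
    cnonce, nc = secrets.token_hex(8), "00000001"
    resp = digest_response(user, REALM, secret, method, uri, nonce, nc, cnonce)
    auth = (f'Digest username="{user}", realm="{REALM}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')
    return {API_KEY_HEADER: api_key, "Authorization": auth}


def parse_digest_header(value: str) -> dict:
    """Split a Digest Authorization header into its fields (empty if not Digest)."""
    if not value.startswith("Digest "):
        return {}
    fields = {}
    for part in value[len("Digest "):].split(", "):
        key, _, val = part.partition("=")
        fields[key] = val.strip('"')
    return fields


def verify_api_request(headers, method, uri, known_api_keys, user_secrets, issued_nonces):
    """Step 6 as a verifying service would run it (assumed logic): the API key
    must be known, the nonce must be one we issued, the proof must cover the
    requested URI, and the digest must match in constant time."""
    if headers.get(API_KEY_HEADER) not in known_api_keys:
        return False
    f = parse_digest_header(headers.get("Authorization", ""))
    if f.get("nonce") not in issued_nonces or f.get("uri") != uri:
        return False
    secret = user_secrets.get(f.get("username"))
    if secret is None:
        return False
    expected = digest_response(f["username"], REALM, secret, method, uri,
                               f["nonce"], f.get("nc", ""), f.get("cnonce", ""))
    return secrets.compare_digest(expected, f.get("response", ""))


if __name__ == "__main__":
    # Constructed sample run of all steps; no network involved.
    print(build_authorize_url("app-key-123", "https://webapp.example/callback"))
    user, token = credentials_from_redirect(
        "https://webapp.example/callback?user=alice&token=s3cr3t",
        "https://webapp.example/callback")
    nonce = secrets.token_hex(16)
    request = build_api_request("app-key-123", user, token, "GET", "/v1/records", nonce)
    print(verify_api_request(request, "GET", "/v1/records", {"app-key-123"},
                             {"alice": "s3cr3t"}, {nonce}))
```

The verifier side is only sketched to show what must line up for step 6 to pass: a wrong API key, an unknown user, a nonce the service never issued, a proof computed for a different URI, or a mismatched digest all fail independently, so the API key and the digest credentials are two separate checks rather than one.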