Skip Navigation LinksALVAO 11.2Extension modulesALVAO Asset Management Enterprise APIAuthentication Skip Navigation Links.


Change Alvao version
Change language
Skip Navigation LinksALVAO 11.2 / Extension modules / ALVAO Asset Management Enterprise API / Authentication

Authentication

You can use Microsoft Entra ID (ME-ID) authentication or basic authentication to access the REST API.

Permissions for REST API operations are governed by the permissions of the accessing user in Alvao.

Microsoft Entra ID

First, in Alvao, set up the Microsoft Entra ID user authentication.

Applications with a logged-in user (on behalf of)

In order to access the REST API from an interactive application to which users are logged in (e.g., a web or mobile app), the accounts of those users must be imported into Alvao. To authenticate access, do the following:

  1. Authenticate the user with the appropriate token to the Microsoft Entra ID application you have assigned to Alvao.
  2. Pass the obtained token to the REST API in the HTTP header Authorization: bearer <token>.

Non-interactive applications

For access from applications or scripts that do not work with the logged-in user (e.g. integration script), do the following:

  1. In the Microsoft Entra ID application associated with Alvao in the App registration section add the optional token (see more):
    1. In the application go to Token configuration.
    2. Click on Add optional claim.
    3. Select Access in Token type and the idtyp claim and confirm with the Add button
  2. In Microsoft Entra ID, register a new application for the application that will communicate with the REST API.
  3. Create a new user in Administration - Users. Turn on the Application Account option, select the Microsoft Entra ID Application type, and add the application details registered in the previous step. Then assign the necessary permissions in Alvao to the account.
  4. Get a token for the application from step 2 using the Client credentials flow (set as scope: <Client ID ALVAO application>/.default) and pass it to the REST API in the HTTP header Authorization: bearer <token>.

Basic authentication

Basic authentication is only for access from non-interactive applications.

  1. Create a new user in Administration - Users. Turn on the Application Account option and select the Other Applications type. Then set the account password and assign the required permissions in Alvao.
  2. Pass the REST API username and password via the standard basic authentication header.
Tip:
We recommend using the more secure method of authentication via Microsoft Entra ID.

 

Did not find what you were looking for? Ask our technical support team.