All requests to Territory Manager require authentication. Authentication is handled by the Nomadia gateway (https://app.geoconcept.com).
Before accessing Territory Manager, you must obtain an authentication token from the gateway by calling its token endpoint (https://app.geoconcept.com/token). The following parameters are mandatory:
- appkey: an application key
- apptoken: an application token
These credentials are issued by Nomadia. Each key/token pair is dedicated to a single user and is linked to that user's subscription and rights on services and applications.
Request example:
https://app.geoconcept.com/token?appkey=KEY&apptoken=TOKEN
The response is a JSON object which contains the following fields:
- status: the status of the request (OK or ERROR)
- result: the authentication token
Response example:
{ "status":"OK", "result":"esEfh8uH7J0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.dfdsfdsgvl56kjcjsqkdjzkqhjhgrza24FDghHUF0" }
The authentication token is used in every request during server-to-server communication and to initialize the IFrame injection.
There are two ways to pass the token:
- as an HTTP header: the header name is "Authorization" and its value follows the pattern "Bearer AUTH_TOKEN", where AUTH_TOKEN is the retrieved authentication token. This method is used for WS calls (POST or GET).
- as a parameter: the parameter name is "token" and its value is the retrieved authentication token. This method works in all requests, although the header method is recommended for security reasons. It is mandatory for IFrame injection.
With the injection protocol, the last request returns a session token, which the IFrame injection uses to retrieve the injected Territory Manager context.
The IFrame injection must have at least 2 parameters:
- token: the authentication token as described above (token=AUTH_TOKEN).
- gcTempToken: the session token, retrieved from the last injection request (gcTempToken=SESSION_TOKEN).
The pattern of the request is:
https://app.geoconcept.com/gtm/gtmintegrationauth?gcTempToken=SESSION_TOKEN&token=TOKEN
After that, a session cookie will be used to manage the security. This cookie is automatically managed by the application.
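The token handling described above, as an added Python example (not code from Nomadia or from the original page). The function names are hypothetical, the sample response is constructed, and the redact() helper is an addition that masks the credential parameters named on this page before a URL is written to a log.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit
from urllib.request import urlopen

GATEWAY = "https://app.geoconcept.com"
# Parameter names from this page that carry credentials or tokens.
SECRET_PARAMS = {"appkey", "apptoken", "token", "gcTempToken"}

def parse_token_response(body):
    """Return the authentication token from the gateway's JSON response."""
    data = json.loads(body)
    if not isinstance(data, dict) or data.get("status") != "OK":
        # The body is deliberately not echoed into the error message.
        raise ValueError("gateway did not return status OK")
    token = data.get("result")
    if not isinstance(token, str) or not token:
        raise ValueError("status OK but no token in 'result'")
    return token

def fetch_auth_token(appkey, apptoken, timeout=10):
    """Call the /token endpoint (needs network access; unused in the demo)."""
    url = GATEWAY + "/token?" + urlencode({"appkey": appkey, "apptoken": apptoken})
    with urlopen(url, timeout=timeout) as resp:
        return parse_token_response(resp.read().decode("utf-8"))

def auth_header(auth_token):
    """Header form, recommended for WS calls."""
    return {"Authorization": "Bearer " + auth_token}

def iframe_url(auth_token, session_token):
    """Parameter form, mandatory for the IFrame injection."""
    query = urlencode({"gcTempToken": session_token, "token": auth_token})
    return GATEWAY + "/gtm/gtmintegrationauth?" + query

def redact(url):
    """Mask secret query parameters so the URL can be logged."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k in SECRET_PARAMS else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))

if __name__ == "__main__":
    sample = '{"status": "OK", "result": "CONSTRUCTED.AUTH.TOKEN"}'  # constructed
    token = parse_token_response(sample)
    print(auth_header(token))
    print(redact(iframe_url(token, "CONSTRUCTED_SESSION")))
```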
The following diagram describes the authentication and security process: