About

Welcome to the OpenAPI specification for the MAT Auth Manager, a robust and efficient service designed to handle authentication with various authentication providers.

This document outlines the OpenAPI specification for MAT Auth Manager version 2.5.0.

The MAT Auth Manager API provides a secure, reliable, and easy-to-integrate solution for managing authentication processes. It is tailored for applications needing to authenticate users or services via different authentication providers. Our API supports various operations, including obtaining application tokens, refreshing tokens, and checking user permissions.

This API is built on the principles of simplicity and flexibility. It offers various endpoints, each serving a specific purpose in the authentication management process. Whether you are looking to authenticate an application, refresh an existing token, or check user permissions, our API delivers a streamlined and secure approach.

Key Features

• Secure Authentication: Utilizing Basic Authentication, our API ensures a secure interaction with all endpoints;

• Application Token Management: Easy retrieval and management of application-specific tokens;

• Token Refresh Capability: Efficient and secure mechanism for refreshing existing tokens;

• User Permission Checks: Robust endpoint for verifying user permissions within an application context;

• Compatibility: MAT Auth Manager is compatible with various identity provider, such as Azure Active Directory, Mindsphere user management, Fusionauth ecc.

Data Acquisition Workflow

The diagram illustrates the interaction between two services: Authentication Manager (Auth Manager) and a Data Manager, as they engage with a Third Party Service and the MAT Databse (Customer Database)

---

Authentication and Data Management Workflow Description

1. Token Acquisition: a Third Party Service begins the process by obtaining a TOKEN. It uses application credentials to request this TOKEN from the Authentication Server. The Auth Manager facilitates this process by verifying the application credentials and issuing a TOKEN if the credentials are valid;

2. Data Request: with the TOKEN acquired, the Third Party Service then requests data from the Data Manager. It sends a request containing the TOKEN to access the desired data;

3. Token Validation:upon receiving the data request, the Data Manager does not immediately retrieve the data. Instead, it first sends a request to the Auth Manager to validate the TOKEN;

4. Verification: the Auth Manager checks the TOKEN's validity by consulting the Authentication Server. The server confirms whether the TOKEN is still valid and informs the Auth Manager;

5. Data Retrieval: once the Auth Manager validates the TOKEN, it communicates this back to the Data Manager. Subsequently, the Data Manager proceeds to retrieve the requested data from the Customer Database, assuming the TOKEN is valid;

6. Data Provisioning: finally, the Data Manager provides the requested data back to the Third Party Service, completing the transaction.

This workflow ensures that only authenticated and authorized Third Party Services can access data, maintaining the integrity and security of the Customer Database. The TOKEN system acts as a gateway that enforces authentication and authorization, thereby safeguarding sensitive information and resources.