...

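using System;
using System.Text;

// Returns BASE64(SHA256(UTF-8 bytes of hashString)), the password format used by the token endpoints.
// Despite the variable names, SHA-256 is a one-way hash, not encryption.
private static string computeHash( string hashString ) {
  using( System.Security.Cryptography.SHA256 encrypter = System.Security.Cryptography.SHA256.Create() ) {
    byte[] strBytes = Encoding.UTF8.GetBytes( hashString );       // password as UTF-8 bytes
    byte[] encryptedBytes = encrypter.ComputeHash( strBytes );    // 32-byte SHA-256 digest
    return Convert.ToBase64String( encryptedBytes );              // Base64 of the raw digest, not of its hex string
  }
}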

Example

| Password (clear text) | Password (SHA 256) | Password (Base64) |
| --- | --- | --- |
| Test | 532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25 | Uy6qvZV0iA2/drm4zACDLCCm7BE9aCKZVQ16bg80XiU= |

Bearer token authentication

...

For the GET endpoint, the username and password need to be supplied as query string parameters.

GET /token?username=<username>&password=URL_ENCODE(<BASE64(SHA256(<password>))>)

Note

Note that the Base64-encoded password needs to be URL encoded to ensure correct transfer as a query string parameter, because Base64 output can contain the characters +, / and =.

...

For the POST endpoint, the username and password, following the OAuth2 standard, need to be sent to the endpoint using three form-urlencoded parameters: username, password and grant_type.

username=<username>&password=<BASE64(SHA256(<password>))>&grant_type=Password

Note that it is preferable to use the POST endpoint instead of the GET endpoint if you are running a version of Perfion that supports it. This avoids sending sensitive information in a GET request that may be cached.
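As an added example (not part of the Perfion documentation), the sketch below builds both request forms described above from the same BASE64(SHA256(password)) value and shows where URL encoding is applied in each. The class name, method names and the `demo.user` username are assumptions made for illustration, and nothing is sent over the network.

```csharp
using System;
using System.Collections.Generic;
using System.Net.Http;
using System.Security.Cryptography;
using System.Text;

public static class TokenRequestExample
{
    // Same transformation as computeHash above: BASE64(SHA256(UTF-8 password)).
    public static string ComputeHash(string password)
    {
        using (SHA256 sha = SHA256.Create())
            return Convert.ToBase64String(sha.ComputeHash(Encoding.UTF8.GetBytes(password)));
    }

    // GET form: the Base64 alphabet contains '+', '/' and '=', all of which
    // have meaning in a query string, so the value must be percent-encoded.
    public static string BuildGetPath(string username, string password)
    {
        return "/token?username=" + Uri.EscapeDataString(username)
             + "&password=" + Uri.EscapeDataString(ComputeHash(password));
    }

    // POST form: FormUrlEncodedContent encodes each value itself, so the
    // hash is passed in as-is (encoding it first would double-encode it).
    public static FormUrlEncodedContent BuildPostBody(string username, string password)
    {
        return new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["username"] = username,
            ["password"] = ComputeHash(password),
            ["grant_type"] = "Password"
        });
    }

    public static void Main()
    {
        // Constructed sample credentials; "Test" is the password from the example table.
        Console.WriteLine(BuildGetPath("demo.user", "Test"));
        Console.WriteLine(BuildPostBody("demo.user", "Test").ReadAsStringAsync().Result);
    }
}
```

Because the endpoint accepts the hash itself, the hashed value is password-equivalent and should be stored and transported with the same care as the clear-text password.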

...

Starting from version 5.0, the Perfion API Services support Bearer tokens issued by Azure AD B2B. This requires that the Perfion API Services have been configured correctly. Please refer to Perfion API – Installation Guide for details on how to configure this.

...

If something goes wrong, e.g. the API is not found or the selected user is not found, an error will be shown instead!

...

Validation of Bearer Tokens

Verification of the validity of a bearer token is based on a digital signature contained within the token itself. Tokens issued by Perfion are digitally signed using a private key, which from the 2024-R2 release may be re-generated via system settings.

...

Note

Please note that re-generating the secret key will render any existing tokens invalid. If any “persistent” tokens are in use, for instance in eCommerce connectors, these will need to be updated.