Symphony

Symphony Authenticator API

The Symphony Authenticator API enables bots and on-premise processes to authenticate via mutual TLS certificate. Returns session tokens required for all subsequent API calls. Runs on both the Pod and the Key Manager, and both tokens are needed for full authentication.

GitHub OpenAPI

Documentation

📖
Documentation
https://docs.developers.symphony.com/bots/authentication

Specifications

OpenAPI
https://raw.githubusercontent.com/api-evangelist/symphony/refs/heads/main/openapi/authenticator-openapi-original.yml

OpenAPI Specification

authenticator-openapi-original.yml Raw ↑ 
swagger: '2.0'
info:
  version: 20.14.1
  title: Symphony Authenticator API
  description: |
    For bots and other on-premise processes to authenticate. Once
    authenticated, the bot will be able to use the methods described in
    serviceAPI.yaml and agentAPI.yaml.

    Connections to the servers will be over
    client authenticated TLS, the servers for this API will perform the
    authentication by inspecting the certificate presented by the
    SSLSocketClient.

    There will be two implementations of this API, one on your Pod
    and one on the Key Manager. In order to fully authenticate,
    an API client will have to call both of these implementations
    and pass both of the session tokens returned as headers in all
    subsequent requests to the Symphony API.
paths:
  /v1/authenticate:
    post:
      summary: Symphony Authenticate
      description: >
        Based on the SSL client certificate presented by the TLS layer,
        authenticate

        the API caller and return a session token.
      produces:
        - application/json
      tags:
        - Authenticate
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/Token'
        '400':
          description: Client error.
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: >-
            Forbidden: Certificate authentication is not allowed for the
            requested user.
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: Server error, see response body for further details.
          schema:
            $ref: '#/definitions/Error'
  /v1/app/pod/certificate:
    get:
      summary: >-
        Symphony Retrieve the certificate that can be use to validate the JWT token obtain

        through the extension application authentication flow.
      produces:
        - application/json
      tags:
        - App
      responses:
        '200':
          description: OK
          schema:
            $ref: '#/definitions/PodCertificate'
        '401':
          description: Client is unauthorized to access this resource
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: Server error, see response body for further details.
          schema:
            $ref: '#/definitions/Error'
  /v1/logout:
    post:
      summary: Symphony Logout
      description: |
        Logout a users session.
      parameters:
        - name: sessionToken
          description: the session token to logout.
          in: header
          required: true
          type: string
      produces:
        - application/json
      tags:
        - Logout
      responses:
        '200':
          description: OK.
          schema:
            $ref: '#/definitions/SuccessResponse'
        '400':
          description: Client error.
          schema:
            $ref: '#/definitions/Error'
        '403':
          description: >-
            Forbidden: Certificate authentication is not allowed for the
            requested user.
          schema:
            $ref: '#/definitions/Error'
        '500':
          description: Server error, see response body for further details.
          schema:
            $ref: '#/definitions/Error'
definitions:
  Error:
    type: object
    properties:
      code:
        type: integer
        format: int32
      message:
        type: string
  Token:
    type: object
    properties:
      name:
        description: >
          The name of the header in which the token should be presented on
          subsequent API calls.
        type: string
      token:
        type: string
        description: >
          Authentication token that should be passed as header in each API rest
          calls.

          This should be considered opaque data by the client. It is not
          intended to contain any data interpretable by the

          client. The format is secret and subject to change without notice.
      authorizationToken:
        type: string
        description: >
          (Beta) Short lived access token built from a user session. This field
          is still on Beta, please continue using 

          the returned "token" instead.
  PodCertificate:
    type: object
    properties:
      certificate:
        description: Certificate in PEM format
        type: string
  SuccessResponse:
    type: object
    properties:
      message:
        type: string
tags:
  - name: App
  - name: Authenticate
  - name: Logout