About this section
In the Authentication section, you will find all the information about security and authentication on Smag Link APIs.
Log in within my application
How does it work?
How to process ?
STEP 1 : Get an applicationId
To get an applicationId, please contact SMAG at email@example.com.
Our team will need a callback url to configure the authentification process.
STEP 2 : Get a login url
Use the Request a redirection URI for the Smag account Login page POST endpoint
STEP 3 : Display the login page
STEP 4 : Get the token
Use the token you will retrieve to call Smag Link APIs within your application.
Refresh a token
The token you got using the authentication process will expire after 24 hours.
You can refresh this token using the Renew a token after its expiration endpoint.
SMAG authentication works with an RS256 encryption algorithm.
RS256 (RSA signature with SHA-256) is an asymmetric algorithm and uses a public / private key pair: the identity provider has a private key (secret) used to generate the signature and the consumer of the JWT obtains a public key validate Signature. Because the public key, unlike the private key, does not need to be secure, most identity providers make it easily available and accessible to consumers (usually via a metadata URL).
Connection to a SMAG account in two steps:
User authentication, performed by a third party: security guarantor (password strength, brute force attack, confidentiality, uniqueness of a login / password)
Retrieving login information and redirection to the application with a token. This token allows you to open a work session.