Authorization: ApiKey, Credentials or OAuth 2.0

The GeoPard solution is using AWS Cognito for the auth procedure.

We recommend checking all authorization options. The choice depends on the particular use case. More usage details are described in every option below.

Option 1: Using Credentials

Authorization with β€œusername” and β€œpassword” is one of the possible approaches. In this case, email registration must be done (not using social networks).

The approach is recommended for integration on the API (BackEnd) level and all requests to GeoPard API are proxied via a dedicated special service (microservice).

Login request example:

curl --location --request POST 'https://api.geopard.tech/login' \
--header 'Content-Type: application/json' \
--header 'Content-Type: text/plain' \
--data-raw '{"username":"<email_address>","password":"<password>"}'

Option 2: OAuth 2.0

AWS Cognito supports OAuth 2.0 protocol for authorization. The general overview is described in the article Cognito OAuth2 manual, the sub-article Authorization Code Grant is the most interesting in the GeoPard case.

The approach is recommended to integrate GeoPard at the UserInterface (FrontEnd) level. The integration works in both directions to send/receive data to/from GeoPard.

Keeping the story short:

  1. Your application has to redirect a user to GeoPard Cognito for login or registration.

Example:

curl --location --request GET '
https://auth.geopard.tech/oauth2/authorize?response_type=code&client_id=<connect_geopard_team>&redirect_uri=http://localhost:8080&state=54321
'

Please, connect with the GeoPard team to receive your application individual client_id.

  1. The redirected URL will receive a verification code for the next step.

The redirected URL looks like http://localhost:8080/?code=eb10956a-6d51-49e5-bbfe-9815e3fdc70a&state=54321.

  1. Your application has to exchange code for tokens (access_token, refresh_token, id_token).

Example:

curl --location --request POST '
https://auth.geopard.tech/oauth2/token
' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Cookie: XSRF-TOKEN=365e14e1-3c66-477e-b0ef-a9e436a834ee; csrf-state=""; csrf-state-legacy=""' \
--data-urlencode 'grant_type=authorization_code' \
--data-urlencode 'code=eb10956a-6d51-49e5-bbfe-9815e3fdc70a' \
--data-urlencode 'client_id=42ajne9u466in6gaf569nth9o9' \
--data-urlencode 'redirect_uri=
http://localhost:8080
'

Option 3: API Key

Quick access to WMS and WFS is necessary from time to time. Therefore, it is possible to use the GeoPard API key automatically generated for every account.

The API key is located in the "UserData" GraphQL entity in apiKey attribute.

Must be used with /geo endpoints ONLY.

Usage:

  1. As a geopardApiKey parameter in the GET request URL.

  2. As an X-API-Key header in ANY request.

Last updated

Powered by GeoPard Agriculture - Automated precisionAg platform