PhenixID DocumentationPhenixID Signing ServicesPhenixID Signing ServiceConfigurationLocal signing - API - Transaction (text) signing using PhenixID OneTouch

Local signing - API - Transaction (text) signing using PhenixID OneTouch

Prerequisites

- Signing Service installed
- The reader of this document should have some basic knowledge about PhenixID Server.
- Changes will be made to the file phenix-store.json, so please make sure to have a backup  of this file.

Authentication

It is recommended to add authentication to the API. These authentication methods are supported:

- Client certificate (recommended).
Use a reverse proxy to add client certificate authentication. Add valves to the pipe(s) to verify the certificate.

- Basic authentication
Add valves to the pipes to perform basic authentication verification.

Add authentication-api module

- Login to configuration manager

- Click the Advanced tab

- Open Modules (click on the pen)

- Add this module. NB! If module is already added, just add the callerVerificationPipe value and the allowedOperation values as below. 

	{
		"module": "com.phenixidentity~phenix-api-authenticate",
		"enabled": "true",
		"config": {
			"tenant": [
				{
					"id": "t1",
					"displayName": "Tenant 1",
               "callerVerificationPipe": "verifyApiClientPipe",
					"allowedOperation": [
						"assign",
						"check"
					]
				}
			]
		},
		"id": "http-auth-api"
	}

- Click Stage Changes and Commit Changes

- Open System nodes (click on the pen)

- Add id of the newly added module to module_refs. Example below.

{
		"name": "WIN-DHB3ICNDG4E",
		"description": "Default node (created automatically)",
		"config": {
			"module_refs": "http-auth-api,sealapp,signapp_1,......"
		},
		"created": "2017-07-03T11:38:03.135Z",
		"id": "493afd0e-0fe8-40e4-b1a1-a24a5e2df6e2",
		"modified": "2017-07-03T14:39:43.257Z"
	}

- Click Stage Changes and Commit Changes

- Restart PhenixID Authentication Server

 

Add pipes to authenticate api client

- Click the Advanced tab

- Open Pipes (click on the pen)

- Add the pipe below. This example is for basic authentication with api client username and password stored in the internal user store. Change the pipe to suite your environment and type of authentication.

{
		"id": "verifyApiClientPipe",
		"valves": [
			{
				"name": "InternalUserStoreValidatorValve",
				"config": {
					"username": "{{request.api_username}}",
					"password": "{{request.api_password}}"
				}
			}
		]
	},

- Click Stage Changes and Commit Changes

Test

Use a HTTP rest client for testing and debugging. Follow this document to structure the HTTP requests properly.