API Authentication
Syncplicity API offers two types of Authentication.
Grant-by-token: Used for server application integrations and doesn't require user interaction (i.e. there is no need to render any UI and prompt user for his username and password). This grant is usually used for various data migrations to Syncplicity storage that also act on behalf of different users. This grant type implies that there is an Application Token (which can be provisioned for Syncplicity users) that can be used to authenticate the user instead if his username and password.
Grant-by-user: Used for end-user UI applications and requires to display web UI for entering username and password (either Syncplicity own or SSO provider's form). This grant is useful for applications that interact with user and would like to use Syncplicity storage in their workflows.
You can read more about OAuth Authentication here: https://tools.ietf.org/html/rfc6749#section-4
API User
Syncplicity offers an account type called "API User" that has an Application token to use for grant-by-token authentication. Scopes can be assigned to the application token to provide granular access.
1. API User Account is automatically activated and ready to use. It does not go through the regular user account activation flow.
2. API User cannot login using any client (web, mobile, desktop). This account can only be used for calling APIs. A Global Administrator would be able to create/renew Application token for this account, and also edit Scopes assigned to the Application token.
3. Once created, API User Account cannot be converted to any other Account Type.
Creating Application Token
A Global Administrator can create/renew/delete Application token for the API User account, and can also add/edit Scopes assigned to the Application token.
Once the Application token is created, please be sure to copy it before closing the window. It cannot be viewed again except for the last 4 digits. A Global Administrator can regenerate new token.
Assigning Scope
Scopes grant your application different levels of access. Each of the scopes grant the ability to read, write, update and delete various entities within Syncplicity.
Use Cases
Following are the different use cases that describe how scopes can be defined to provide granular access.
1. Provisioning
Following scopes can be assigned for applications provisioning new users, assigning them to groups, and defining policies.
2. Data Migration
Following scopes can be assigned for applications migrating data on behalf of user.
3. DataHub (Tool provided by Syncplicity)
Following scopes can be assigned for applications using DataHub.
For any further questions, please contact support at support@syncplicity.com