1. API Authentication API

1.1. Connection Information

Host

auth-api.jp-east-1.paas.cloud.global.fujitsu.com

Every API is served over HTTPS.
Example URL
https://auth-api.jp-east-1.paas.cloud.global.fujitsu.com/API/oauth2/token

1.2. POST /API/oauth2/token

Description

This is the interface to get an access token. If a valid access token already exists, a new access token will not be issued and the existing access token is returned instead. Note that if access token retrieval fails five times or more in a row, access token retrieval is locked for 30 minutes for the client ID concerned.

Request Header
Name          Type    Description
Content-Type  String  Specify "application/x-www-form-urlencoded;charset=UTF-8"

Request Parameter

None

Body
grant_type=client_credentials&scope=service_contract&client_id=your-id&client_secret=your-password
Name           Type    Required  Description
grant_type     String  Yes       Specify "client_credentials"
scope          String  Yes       Specify "service_contract"
client_id      String  Yes       Client ID to be authenticated
client_secret  String  Yes       Password for the client ID

Return Codes
Code                       Description
201                        Access token generation is successfully complete.
400 *Authentication Error  invalid_request : Input parameters are invalid.
400 *Authentication Error  unsupported_grant_type : A value other than "client_credentials" is specified for grant_type.
400 *Authentication Error  invalid_scope : A value other than "service_contract" is specified for scope.
400 *Authentication Error  invalid_client : Authentication fails. Review the specified client ID and/or password.
400                        RCM403102 : Content-Type is not specified.
400                        RCM403103 : A Content-Type that cannot be used is specified.
400                        RCM403105 : Specified parameters cannot be URL decoded.
400                        RCM403106 : A non-numeric value is specified in a number field.
500                        RCM102205 : Contact the system administrator.
500                        RCM053104 : Contact the system administrator.

Response Header
Name          Type    Description
Content-Type  String  "application/x-www-form-urlencoded;charset=UTF-8" is specified.

Response Parameter
  • Response (Normal)

 {
     "access_token":"5f744f66-56d9-4c8c-87b2-c870f3b82817",
     "token_type":"bearer",
     "expires_in":1124,
     "scope":"service_contract",
     "client_id":"your-id",
     "contract_info":{
         "contract_list":[
             {
                 "service_contract_id":"...",
                 "service_code":"..."
             }
         ]
     }
 }
Name                 Type    Description
access_token         String  An issued access token
token_type           String  "bearer" is specified.
expires_in           long    Validity period of the token, which is 1799 seconds when a token is newly issued
scope                String  "service_contract" is specified.
client_id            String  Client ID for which a token is issued
contract_info        object  Contract information of the client ID for which a token is issued
contract_list        array   Contract list linked with the client ID
service_contract_id  String  Service contract ID
service_code         String  Service code

  • Response (Abnormal) *Authentication Error

 {
     "error":"invalid_client",
     "error_description":"With the specified information, an access token cannot be issued."
 }
Name               Type    Description
error              String  An error code. To identify what the error code means, refer to Error Codes in OAuth2.0.
error_description  String  Additional information for the error code above. The code corresponding to the response error code is appended to the end of the string. When an error occurs, refer to HTTP Status Code and Response Error Code List.

  • Response (Abnormal) *Except for Authentication Error
    Refer to Common Response (Abnormal).

1.3. POST /API/oauth2/token?access_token={access_token}

Description

Delete the access token issued through "Get an access token".

Request Header

None

Request Parameter
{access_token} = Issued access token
Body

None

Return Codes
Code  Description
204   The specified access token is not valid.
400   RCM402301 : Input parameters are invalid.
500   RCM102302 : Contact the system administrator.
500   An unexpected error has occurred.

Response Header

None

Response Parameter
  • Response (Normal)
    None

  • Response (Abnormal)
    Refer to Common Response (Abnormal).
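
Added example (not part of the original reference or of the service's own code): a client-side wrapper for the two token calls in 1.2 and 1.3 that caches the token by the returned expires_in, stops before the fifth consecutive failure that would lock the client ID for 30 minutes, and masks the access_token query value before a URL is logged. The `post` transport hook, the 60-second margin, the class and function names, and the choice to count every non-201 response as a failure are assumptions.

```python
import json
import time
import urllib.parse

TOKEN_URL = "https://auth-api.jp-east-1.paas.cloud.global.fujitsu.com/API/oauth2/token"
CONTENT_TYPE = "application/x-www-form-urlencoded;charset=UTF-8"
MAX_FAILURES = 4    # stop one short of the five failures that lock the client ID
SAFETY_MARGIN = 60  # assumption: treat the token as expired this many seconds early

class TokenError(Exception):
    """The token endpoint answered with something other than 201."""

class LockoutGuard(Exception):
    """Raised locally instead of sending the attempt that could trigger the lock."""

class TokenClient:
    # post(url, headers, body) -> (status, text) is a hypothetical transport hook
    def __init__(self, client_id, client_secret, post, clock=time.monotonic):
        self._id, self._secret = client_id, client_secret
        self._post, self._clock = post, clock
        self._token, self._expires_at, self.failures = None, 0.0, 0

    def token(self):
        if self._token and self._clock() < self._expires_at:
            return self._token
        if self.failures >= MAX_FAILURES:
            raise LockoutGuard("too many consecutive failures; verify the credentials")
        body = urllib.parse.urlencode({
            "grant_type": "client_credentials", "scope": "service_contract",
            "client_id": self._id, "client_secret": self._secret})
        status, text = self._post(TOKEN_URL, {"Content-Type": CONTENT_TYPE}, body)
        try:
            data = json.loads(text)
        except ValueError:
            data = {}
        if status != 201:
            self.failures += 1  # assumption: every non-201 counts toward the lock
            raise TokenError(f"{status} {data.get('error', 'unknown')}")
        self.failures = 0
        self._token = data["access_token"]
        # Use the returned expires_in: a reused token has less than 1799 s left.
        self._expires_at = self._clock() + max(data["expires_in"] - SAFETY_MARGIN, 0)
        return self._token

def redact_url(url):
    """Mask the access_token query value before a URL is written to a log."""
    parts = urllib.parse.urlsplit(url)
    query = [(k, "REDACTED" if k == "access_token" else v)
             for k, v in urllib.parse.parse_qsl(parts.query, keep_blank_values=True)]
    return urllib.parse.urlunsplit(parts._replace(query=urllib.parse.urlencode(query)))
```

Because the delete call in 1.3 carries the token in the query string, apply redact_url wherever request URLs are recorded (client logs, proxy logs, error reports).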

1.4. Error Codes in OAuth2.0

See below for the meaning of the error codes specified in OAuth2.0.

Code                    Description
invalid_request         Parameters required for the request are not included. Unsupported parameter values (except for grant type) are included. Parameters are duplicated. Multiple credentials are included. Multiple mechanisms are used for client authentication. Abnormal values are specified.
invalid_client          Client authentication has failed. For example, the client is unknown, client authentication information is not included, or an unsupported authentication method is used.
invalid_grant           The provided authorization grant (e.g. authorization code or resource owner credential) or refresh token is invalid or has expired, does not match the redirect URI used in the authorization request, or the access token has already been issued for another client.
unauthorized_client     The authenticated client is not authorized to use the grant type.
unsupported_grant_type  The grant type is not supported by the authorization server.
invalid_scope           The requested scope is invalid, unknown, malformed, or exceeds the scope granted by the resource owner.