OBO RSA authentication

You can use on behalf of (OBO) via RSA key pair authentication rather than using certificate authentication as detailed here. 


To enable OBO RSA authentication, you will need an application deployed with the OBO feature enabled and already be using RSA authentication. Details of this can be found here.


Once completed, enable OBO authentication by following these steps:


1. Refer to the Knowledge Article found here on how to generate RSA key pairs and perform the required steps


2. Once you have set the public key into the authentication section in the application bundle, you can either update the application if you already have it deployed, or create it if you have not (Figure 1):



Figure 1 Authentication Section


Note: Figure 1 highlights the Act As User variable required for OBO and the RSA Public Key section


3. To obtain the sessionToken, run the following call, replacing the user AppID with your own (Figure 2):


java -jar jwt-helper.jar -user AppID -key mykey.pem



Figure 2 SessionToken


4. Copy the resulting sessionToken and use it within 5 minutes


5. Using Postman, obtain the application sessionToken by navigating to the following URL, ensuring you edit the Pod Url value to reflect your company details (Figure 3):




Note: For example, https://companyabc.symphony.com/ 



Figure 3 SessionToken


6. Use either the username of the person or their UID to obtain their sessionToken (Figure 4 and Figure 5):




Note: For example, https://companyabc.symphony.com/ 



Figure 5 Username




Note: For example, https://companyabc.symphony.com/ 



Figure 6 UID


7. Once you have the OBO SessionToken, you can use any of the following OBO API Endpoints detailed here


Note: The Key Manager token is not used