On behalf of (OBO) RSA authentication

You can use on behalf of (OBO) via RSA key pair authentication rather than using certificate authentication as detailed here. 

To enable OBO RSA authentication, you will need an application deployed with the OBO feature enabled and already be using RSA authentication.

Once completed, enable OBO authentication by following these steps:

1. Refer to the Knowledge Article found here on how to generate RSA key pairs and perform the required steps.

2. Once you have set the Public Key into the Authentication section in the application bundle, update the application if you already have it deployed, or create it if you have not (Figure 1):


Figure 1 Authentication section

Note: The above highlights the Act As User variable required for OBO and the RSA Public Key section.

3. To obtain the SessionToken, run the following call, replacing the user AppID with your own ID (Figure 2):

java -jar jwt-helper.jar -user AppID -key mykey.pem


Figure 2 SessionToken

4. Copy the resulting SessionToken and use it within 5 minutes.

5. Using Postman, obtain the application SessionToken by navigating to the following URL (Figure 3 and Figure 4):


Figure 3 Command

Note: Where companyabc is the name of your pod.


Figure 4 SessionToken

6. Use either the username of the person or their UID to obtain their SessionToken (Figure 6 and Figure 8):


Figure 5 Command

Note: Where companyabc is the name of your pod.

Note: Where <username> is your username, for example johnsmith.


Figure 6 Username


Figure 7 Command

Note: Where companyabc is the name of your pod.


Figure 8 UID

7. Once you have the OBO SessionToken, you can use any of the following OBO API Endpoints detailed here.

Note: The Key Manager (KM) token is not used.