Authorization

Authorization is required to start using the system API. Method Authorize is used for authentication and acquisition of data required to work with the API. To run this method following data should be transferred to the API server with a POST request:

Headline:

  • Host: system server address

Body of the request, block "credentials":

  • "email": “user login",
  • "password": "user password".

Login and password for the system should be requested from an OZ Forensics representative.

Example of running the Authorize method:

HTTP

Bash

Python

php

Java


POST /api/authorize/auth HTTP/1.1
Host: api-d.oz-services.ru
Content-Type: application/json
User-Agent: PostmanRuntime/7.15.2
Accept: */*
Cache-Control: no-cache
Postman-Token: d8bcbee8-7592-412c-8c71-6c984278ed12,3c8fdaed-938e-4335-b3e4-4207b25e15b6
Host: api-d.oz-services.ru
Accept-Encoding: gzip, deflate
Content-Length: 91
Connection: keep-alive
cache-control: no-cache

{
  "credentials": {
    "email": "manualtest@oz-services.ru",
    "password": "manualtest"
  }
}


curl -X POST \
  https://api-d.oz-services.ru/api/authorize/auth \
  -H 'Accept: */*' \
  -H 'Accept-Encoding: gzip, deflate' \
  -H 'Cache-Control: no-cache' \
  -H 'Connection: keep-alive' \
  -H 'Content-Length: 91' \
  -H 'Content-Type: application/json' \
  -H 'Host: api-d.oz-services.ru' \
  -H 'Postman-Token: d8bcbee8-7592-412c-8c71-6c984278ed12,08241e2c-92d6-42a2-8027-6fa6ea2e9910' \
  -H 'User-Agent: PostmanRuntime/7.15.2' \
  -H 'cache-control: no-cache' \
  -d '{
  "credentials": {
    "email": "manualtest@oz-services.ru",
    "password": "manualtest"
  }
}'


import requests

url = "https://api-d.oz-services.ru/api/authorize/auth"

payload = "{\n\t\"credentials\": {\n\t\t\"email\": \"manualtest@oz-services.ru\",\n\t\t\"password\": \"manualtest\"\n\t}\n}"
headers = {
    'Content-Type': "application/json",
    'User-Agent': "PostmanRuntime/7.15.2",
    'Accept': "*/*",
    'Cache-Control': "no-cache",
    'Postman-Token': "d8bcbee8-7592-412c-8c71-6c984278ed12,44cf86fc-458e-4408-ba62-d539a12ad3e8",
    'Host': "api-d.oz-services.ru",
    'Accept-Encoding': "gzip, deflate",
    'Content-Length': "91",
    'Connection': "keep-alive",
    'cache-control': "no-cache"
    }

response = requests.request("POST", url, data=payload, headers=headers)

print(response.text)


setUrl('https://api-d.oz-services.ru/api/authorize/auth');
$request->setMethod(HTTP_METH_POST);

$request->setHeaders(array(
  'cache-control' => 'no-cache',
  'Connection' => 'keep-alive',
  'Content-Length' => '91',
  'Accept-Encoding' => 'gzip, deflate',
  'Host' => 'api-d.oz-services.ru',
  'Postman-Token' => 'd8bcbee8-7592-412c-8c71-6c984278ed12,9792fd78-f231-45aa-852c-9f245bb14703',
  'Cache-Control' => 'no-cache',
  'Accept' => '*/*',
  'User-Agent' => 'PostmanRuntime/7.15.2',
  'Content-Type' => 'application/json'
));

$request->setBody('{
  "credentials": {
    "email": "manualtest@oz-services.ru",
    "password": "manualtest"
  }
}');

try {
  $response = $request->send();

  echo $response->getBody();
} catch (HttpException $ex) {
  echo $ex;
}


OkHttpClient client = new OkHttpClient();

MediaType mediaType = MediaType.parse("application/json");
RequestBody body = RequestBody.create(mediaType, "{\n\t\"credentials\": {\n\t\t\"email\": \"manualtest@oz-services.ru\",\n\t\t\"password\": \"manualtest\"\n\t}\n}");
Request request = new Request.Builder()
  .url("https://api-d.oz-services.ru/api/authorize/auth")
  .post(body)
  .addHeader("Content-Type", "application/json")
  .addHeader("User-Agent", "PostmanRuntime/7.15.2")
  .addHeader("Accept", "*/*")
  .addHeader("Cache-Control", "no-cache")
  .addHeader("Postman-Token", "d8bcbee8-7592-412c-8c71-6c984278ed12,fa239227-f870-425b-8797-e163e26c34f9")
  .addHeader("Host", "api-d.oz-services.ru")
  .addHeader("Accept-Encoding", "gzip, deflate")
  .addHeader("Content-Length", "91")
  .addHeader("Connection", "keep-alive")
  .addHeader("cache-control", "no-cache")
  .build();

Response response = client.newCall(request).execute();

In response to an authorization request the API server returns user data in JSON format as well as the data of user’s authorization token:

  • "access_token": "********"

The token data is required for the following interaction with the system API. Any request to the system except the Authorize method should include user’s authorization token in the headline of the HTTP request.

Example of server’s full response:

JSON


{
    "session_id": 3549,
    "user_id": "ded02c7d-64fb-4dd6-a9b1-d1d265e92c91",
    "access_token": "b69c99865c469978f269e96e8f8b2f06e5d99ecd4297ea0164b8501833e4443d33e62e3244c6936b397e4f0a6d7c78fe6ccdfe8f64211165e705517f17de9ca8",
    "expire_token": "c853d6d04e2293582b476613b471b3a8e8a85dc9a26d4e1a75ae098b7763feb1ec8c5b00f872ecc13279513b46efa95ca60fe518bf9e7de68bee5d64b5fcad4b",
    "expire_date": 1737275704,
    "device_info": {
        "device_family": null,
        "device_platform": null,
        "device_os": null,
        "app_version": null,
        "app_build": null,
        "device_locale": null
    },
    "user": {
        "user_id": "ded02c7d-64fb-4dd6-a9b1-d1d265e92c91",
        "user_type": "CLIENT",
        "first_name": "test",
        "last_name": "test",
        "middle_name": "",
        "email": "manualtest@oz-services.ru",
        "can_start_analyse_biometry": true,
        "can_start_analyse_collection": true,
        "can_start_analyse_documents": true,
        "can_start_analyse_forensic": true,
        "can_start_analyse_kyc": true,
        "can_start_analyse_quality": true,
        "company_id": "0405aeb4-01f7-4f86-81ea-e554cae9fc7f",
        "is_admin": false,
        "is_service": true
    }
}