Employee Identity (EIAM)
APP Server-Side Development
Application Development
# API Access Credential Acquisition Interface
| Description | Example |
|---|---|
| Request URL | https://{domain}/api/oap/oauth/token |
| Request Method | POST |
# Request Parameters
| Parameter | Description |
|---|---|
| grant_type | Fixed value client_credentials, OAuth client credentials mode |
| client_id | client_id allocated by the API provider |
| client_secret | client_secret allocated by the API provider |
# Request Example
{
"grant_type": "client_credentials",
"client_id": "ZUSQzclVGYF",
"client_secret": "fnH5one7AmxPbl6ky6VHuFBNYQ88vAdvu0"
}
1
2
3
4
5
2
3
4
5
# Response Parameters
| Parameter | Reference |
|---|---|
| access_token | Access credential |
| token_type | Token type |
| expires_in | Validity period |
| scope | OAuth2 scope |
| id_token | JWT format permission information |
# Response Example
{
"access_token": "f7a815eb-c546-4052-b099-b554de1436c7",
"token_type": "bearer",
"expires_in": 764,
"scope": "all",
"id_token": "eyJraWQiOiJrMSIsImFsZyI6IlJTMjU2In0.eyJpc3MiOiJJc3N1ZXIiLC"
}
1
2
3
4
5
6
7
2
3
4
5
6
7
# Exchange for SSO Ticket Interface
| Parameter | Interface URL |
|---|---|
| Request URL | /api/oap/v1/sso/session_ticket |
| Request Method | POST |
# Request Parameters
| Parameter Name | Chinese Name | Required | Example Value |
|---|---|---|---|
| sessionToken | sessionToken validity is agreed to be 30 days, used to exchange for ssoTicket | Required | r5ysOPTCBLU1 |
| operatingSysVersion | Requestor User-Agent | Required | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212Safari/537.36 |
| device_ip | Endpoint device IP | Required | 192.168.1.1 |
| device_fingerprint | Endpoint device fingerprint (can uniquely identify the endpoint device) | Required | qaws12fr45mjy7 |
# Request Example
{
"sessionToken": "NPb1iZc11TKmgiefSYWrFnvT2DBhFPIX",
"operatingSysVersion": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36",
"device_ip": "121.60.119.225",
"device_fingerprint": "156aysdna213sc"
}
1
2
3
4
5
6
2
3
4
5
6
# Response Parameters
| Property Name | Sub-property | Parameter Description |
|---|---|---|
| code | Return code Success: 0 | |
| message | Return message 【Records the failure reason on failure】 | |
| data | expire | Remaining validity time of ssoTicket in seconds |
| ssoTicket | ssoTicket【Used to obtain user information during app-internal mini-program SSO】 |
# Response Example
{
"code": "0",
"message": "success",
"data": {
"expire": 299,
"ssoTicket": "ssoTicket-p2WBMUCXaOGSQDzzMPYdqLvKvZcAe0yC"
}
}
1
2
3
4
5
6
7
8
2
3
4
5
6
7
8
# Validate ssoTicket Interface
| Parameter | Interface URL |
|---|---|
| Request URL | /api/oap/v1/sso/session_ticket-validate |
| Request Method | POST |
# Request Parameters
| Parameter Name | Chinese Name | Required | Example Value |
|---|---|---|---|
| ssoTicket | sso Ticket, valid for 300 seconds | Required | ssoTicket-p2WBM |
| operatingSysVersion | Requester User-Agent | Required | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36 |
| device_ip | Endpoint device IP | Required | 192.168.1.1 |
| device_fingerprint | Endpoint device fingerprint (capable of uniquely identifying the endpoint device) | Required | qaws12fr45mjy7 |
# Request Example
{
"ssoTicket": "ssoTicket-7Ddh7KhsBKBgPuN82IVHZVDc6DPm8Jxh",
"operatingSysVersion": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36",
"device_ip": "121.60.119.225",
"device_fingerprint": "156aysdna213sc"
}
1
2
3
4
5
6
2
3
4
5
6
# Response Parameters
| Property Name | Sub-Property | Parameter Description |
|---|---|---|
| code | Return Code Success: 0 | |
| message | Return Message【Failure reason will be recorded on failure】 | |
| data | userInfo | User Information |
# Response Example
{
"code": "0",
"message": "success",
"data": {
"userInfo": {
"id": "20201119181527383-7B3B-0571E338A",
"name": "lx4321",
"userName": "lx4321",
"mobile": "15907154321",
"email": "1014321@qq.com",
"age": 18,
"gender": 0,
"nick_name": "lxx",
"head_url": "https://thirdwx.qlogo.cn/mmopen/vi_32/Q0j4TwGTfTKLb4AJez",
"realStatus": "PERSONAL",
"join_date": "2020-11-19T10:15:27.000Z"
}
}
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# Refresh sessionToken API
| Parameter | API URL |
|---|---|
| Request URL | /api/oap/v1/sso/refreshSessionToken |
| Request Method | POST |
# Request Parameters
| Parameter Name | Chinese Name | Required | Example Value |
|---|---|---|---|
| sessionToken | Original sessionToken, used to exchange for a new sessionToken | Required | Mkkp1xSB4Wqj3 |
| operatingSysVersion | Requester User-Agent | Required | Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212Safari/537.36 |
| device_ip | Endpoint Device IP | Required | 192.168.1.1 |
| device_fingerprint | Endpoint Device Fingerprint (Can uniquely identify the endpoint device) | Required | qaws12fr45mjy7 |
# Request Example
{
"sessionToken": "Yst40OUIo7zghBH3pFEniuSINGbLHzU3",
"operatingSysVersion": "Mozilla/5.0 (Windows NT 10.0; Win64; x64)AppleWebKit / 537.36(KHTML, like Gecko) Chrome / 90.0 .4430 .212 Safari / 537.36 ",
"device_ip ": "121.60 .119 .225 ",
"device_fingerprint": "156aysdna213sc"
}
1
2
3
4
5
6
2
3
4
5
6
# Response Parameters
| Property Name | Sub-property | Parameter Description |
|---|---|---|
| code | Return Code Success:0 | |
| message | Return Message【Records the failure reason when failed】 | |
| data | sessionToken | Session Token |
# Response Example
{
"code": "0",
"message": "success",
"data": {
"sessionToken": "lqIprZxbyUelLbn5Yos33o8TeVnoZJFH"
}
}
1
2
3
4
5
6
7
2
3
4
5
6
7
# Session Keep-Alive
The expiration time of the sessionToken is configurable (refer to Access Token Validity Configuration). If you need to maintain the login state, it is recommended that the APP server handles refresh synchronization on its own.
It is recommended to perform a refresh call one day or three days before the sessionToken is about to expire, ensuring the sessionToken is always in an available state.
The above is only a suggestion; the calling party can also set the refresh time according to their actual business application scenarios.