• Home
    • Pugpig Bolt
    • Authentication and Subscriptions

    Security API - What is needed to integrate with the Pugpig security API

    Written by Benji Weiser

    Updated at March 3rd, 2023

    • Pugpig Bolt
      Bolt apps Content and Workflows Bolt CMS Pugpig Distribution Service URLs, Domains and Linking Bolt Search Authentication and Subscriptions Bolt Analytics Push notifications Bolt Release Notes Debugging Advertising App stores Consent management Bolt third party integrations
    • Pugpig Site
      Site Search URLs, Domains and Linking Content Management System Analytics SEO Advertising Consent Management Platform Site Release Notes Debugging Authentication and Subscriptions
    • Pugpig Archive
    • Working with Pugpig
      Pugpig Support Releasing new versions Pugpig Packs & Agreements Pugpig Policies
    • Pugpig Consulting
    + More

    Below is a list of what we need to integrate your authentication service with Pugpig, this work is typically covered by Kaldor under a Pugpig Authentication Pack. 

    Before integration work can begin we need:

    • Confirmation if you are using a web based authentication OAuth/PKCE flow for the sign step (which we recommend) instead of a direct API call, you will also need to read and understand this document:

      https://docs.pugpig.com/en_US/360013591298-Web-based-authentication-integrations-in-Pugpig-apps-using-PKCE

    • An HTTPS API that can be accessed from our Distribution platform. At a minimum we need:

      • if NOT using a PKCE flow the ability to send user credentials to the API (usually username/email and password as well as a unique device ID), with the API responding returning yes, no or more information about their entitlements. Ideally the login call returns a token, which can be used for subsequent calls to the API. This is called when a user signs into the app.
      • an entitlements endpoint that takes the user token and returns information about the users entitlements. This is called every time a user opens the app.
    • High level documentation explaining the API. For example, explain if the system is access based (an active user gets all content) or issue/time based (an active user only gets a limited set of editions).
    • Access to a working endpoint - this can be a staging or production endpoint. Production is safe as the integration only makes read only calls. It doesn't write or change any data
    • An example of every kind of user you have (active/lapsed/blacklisted/print only/etc/etc)
    • Any business rules explaining how we should interpret the responses, although hopefully most of this is handled by the origin subscription system
    • Sessions times should be infinite, or otherwise very long, so that users do not get logged out
    • If the endpoint is restricted by IP address, and Kaldor are doing the integration on the Clouds Distribution Platform, you'll need to open access to our IP addresses: https://docs.pugpig.com/urls-domains-and-linking/208008576-Distribution-Overview-Pugpig-IP-ranges
    integrate security api

    Was this article helpful?

    Yes
    No
    Give feedback about this article

    Related Articles

    • Web-based authentication integrations in Pugpig apps using PKCE
    • In-app purchases and cross entitlement
    • Distribution federation of PKCE
    • Bolt Metered Paywall
    pugpig logo white
    Navigation
    • Products
    • Customers
    • News
    • Podcast
    Contact
    • Contact us
    • LinkedIn
    • Twitter
    Technical Support
    • Status Page
    • Documentation
    • Customer Support
    Corporate
    • Company
    • Jobs
    • Privacy Policy

    © Kaldor Ltd. 2022

    Powered by Pugpig


    Knowledge Base Software powered by Helpjuice

    Expand