OAuth 2.0 Authorization code flow¶
For your users, this flow includes a consent screen that describes through ‘scopes’ the actions that the user allows to your application. For example, when the user logs in, they might be asked to accept or reject a partnership.
There is no off-line access through Refresh Token but Talao partnership allows your company to get user data as long as the partnership is authorized. However it means that you always need consent of an online user who signed-in Talao to issue or delete a certificate on his/her behalf.
Note
If your company needs to sign a certificate as an issuer, see further the Client Credential flow.
You request an access to these functionalities using the scope parameter, which your app includes in its request.
Below list of scopes :
- user:manage:certificate : This scope if accepted by user allows your company to issue/delete certificates on behalf of a user
- user:manage:partner : This scope if accepted by user allows your company to request, accept or reject partnerships with all Identities on behalf of a user
- user:manage:referent : this scope if accepted by user allows your company to add or remove referents on behalf of a user
- user:manage:data : this scope if accepted by user allows your company to add or remove data (account settings) on behalf of a user
Step 1, ask for a grant code with your scope list, nonce, state.
https://talao.co/api/v1/authorize?response_type=code&client_id=your_client_id&scope=your_scopes&state=state&nonce=nonce
Step 2, with the grant code, connect to the token endpoint https://talao.co/api/v1/auth/token to get an Access Token. You will need your client_secret.
curl -u your_client_id:your_secret_value -XPOST https://talao.co/api/v1/oauth/token -F grant_type=authorization_code
Access Token is live 500 seconds.
Step 3, with the Access Token you can acces an endpoint
curl -H "Authorization: Bearer your_access_token" -H "Content-Type: application/json" https://talao.co/api/v1/endpoint -d your_json_data
Endpoint : POST https://talao.co/api/v1/user_issues_certificate¶
Issue a certificate to an Identity(person or company) on behalf of a user. certificate is “reference” or “agreement or “experience” or “skill” or “recommendation”. User must be in the identity’s referent list.
Scope required : user:manage:certificate
Issue an agreement certificate :
$ curl -X POST https://talao.co/api/v1/user_issues_certificate \
-H "Authorization: Bearer rp9maPLRQEJ3bviGwTMPXvQdcx8YlqONuVDFZSAqupDdgXb9" \
-H "Content-Type: application/json" \
-d '{"did_issued_to" : "did:talao:talonet:2165165", "certificate_type" : "agreement", "certificate": agreement_JSON_certificate}'
Example of a agreement_JSON_certificate :
{
"registration_number" : "2020-11-31003",
"title" : "IQ - ISO9001:2020",
"description" : "Quality Management Process",
"standard" : "ISO 9001",
"date_of_issue" : "2020-11-01",
"valid_until" : "2030-10-31",
"location" : "Toulouse Bordeaux Paris",
"service_product_group" : "Drone Serie production line",
}
Issue a reference certificate :
$ curl -X POST https://talao.co/api/v1/user_issues_certificate \
-H "Authorization: Bearer rp9maPLRQEJ3bviGwTMPXvQdcx8YlqONuVDFZSAqupDdgXb9" \
-H "Content-Type: application/json" \
-d '{"did_issued_to" : "did:talao:talonet:2165165", "certificate_type" : "reference", "certificate": reference_JSON_certificate}'
Example of a reference_JSON_certificate :
{
"project_title" : "Ligne de production moteur NFG-1000",
"project_description" : "Conception, réalisation et installation d'une nouvelle ligne de production",
"project_budget" : "2000000",
"project_staff" : "12",
"project_location" : "Bordeaux",
"start_date" : "2019-02-22",
"end_date" : "2020-01-25",
"competencies" : ["CATIA V6",],
"score_recommendation" : 4,
"score_delivery" : 3,
"score_schedule" : 4,
"score_communication" : 4,
"score_budget" : 4,
}
Endpoint : POST https://talao.co/api/v1/user_accepts_company_partnership¶
This is a straightforward process to build a partnership with an Identity. It combines your company request for a partnership and an authorization from Identity.
Scope required : user:manage:partner
$ curl -X POST https://talao.co/api/v1/user_accepts_company_partnership \
-H "Authorization: Bearer rp9maPLRQEJ3bviGwTMPXvQdcx8YlqONuVDFZSAqupDdgXb9" \
JSON return :
{
"partnernship_in_identity": "Authorized",
"partnership_in_partner_identity": "Authorized",
}
Endpoint : POST https://talao.co/api/v1/user_updates_company_settings¶
To update identity settings of a company. You can set ‘name’,’contact_name’,’contact_email’,’contact_phone’,’website’, ‘about’, ‘staff’, ‘mother_company’, ‘sales’, ‘siren’, ‘postal_address’. If no data is provided you get all current Identity settings.
Scope required : user:manage:data
$ curl -X POST https://talao.co/api/v1/user_updates_company_settings \
-H "Authorization: Bearer rp9maPLRQEJ3bviGwTMPXvQdcx8YlqONuVDFZSAqupDdgXb9" \
-d '{"staff" : "6"}'
JSON return :
{
"name" : "Talao",
"contact_name" : "Nicolas Muller",
"contact_email" : "nicolas.muller@talao.io",
"contact_phone" : "0607182594",
"website" : "https://talao.co",
"about" : "Talao focuses on professional identity management based on an extension of the ERC725 protocol, through a BtoB go-to-market strategy and a network of partners to develop compatibility with corporate IT systems.",
"staff" : "6",
"sales" : "3200000",
"mother_company" : null,
"siren" : "837674480",
"postal_address" : null
}
Endpoint : POST https://talao.co/api/v1/user_uploads_signature¶
To add a signature file to an Identity. Image format are jpeg, png, jpg. Image will be displayed with size in pixels : height=”150” width=”200”.
Scope required : user:manage:data
the Content-Type of the Header of the POST request will be multipart/form-data.
$ curl -X POST https://talao.co/api/v1/user_accepts_company_referent \
-H "Authorization: Bearer rp9maPLRQEJ3bviGwTMPXvQdcx8YlqONuVDFZSAqupDdgXb9" \
-H "Content-Type : multipart/form-data" \
-F "data=@signature.png"
JSON return :
{
"hash": "QmNr71LjJPGUYKASinx2R5u63Zpmj8ZUqniFxHhqqHBujh"
}
Endpoint : POST https://talao.co/api/v1/user_uploads_logo¶
Same as prevous one with logo. Image will be displayed with size in pixels : height=”200” width=”200”.
Endpoint : POST https://talao.co/api/v1/user_accepts_company_referent¶
To add your company in the Identity referent list
Scope required : user:manage:referent
$ curl -X POST https://talao.co/api/v1/user_accepts_company_referent \
-H "Authorization: Bearer rp9maPLRQEJ3bviGwTMPXvQdcx8YlqONuVDFZSAqupDdgXb9"
JSON return :
{
"referent": true
}
Endpoint : POST https://talao.co/api/v1/user_adds_referent¶
To add an Identity to the user referent list
Scope required : user:manage:referent
$ curl -X POST https://talao.co/api/v1/user_adds_referent \
-H "Authorization: Bearer rp9maPLRQEJ3bviGwTMPXvQdcx8YlqONuVDFZSAqupDdgXb9" \
-H "Content-Type: application/json" \
-d '{"did_referent" : "did:talao:talaonet:fA38BeA7A9b1946B645C16A99FB0eD07D168662b"}'
JSON return :
{
"referent": true
}