Security
Client Validation
Security client validation adds an extra security layer to your application requests.
When this option is enabled, every client request going through your transport APIs must provide a
client id/secret pair before it can be forwarded to the appropriate module.
You are responsible for creating these clients in advance.
You may do so through the admin panel or by performing an administrative request to Conduit's admin REST or GraphQL API.
For web clients, the incoming request's domain is also validated against the one specified in the client entry.
User authentication tokens are tied to the security client they were generated with,
meaning you can't reuse or refresh tokens for your users across different clients.
Supported Platforms:
WEB
ANDROID
IOS
IPADOS
WINDOWS
MACOS
LINUX
CLI (used exclusively by Conduit's CLI)
You may conveniently generate your own security clients through the Router section of Conduit's Admin Panel.
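A minimal model of the three checks described above (client id/secret pair, domain match for WEB clients, tokens bound to the issuing client), added here as an illustration and not Conduit's own code. The client entries, the `domain` field name, exact-hostname matching and reading the domain from an `origin` value are assumptions.

```javascript
// Illustrative model only, not Conduit's implementation. Entries are constructed
// sample data; the `domain` field and exact-hostname match are assumptions.
const clients = new Map([
  ['web-client-id', { secret: 'web-secret', platform: 'WEB', domain: 'app.example.com' }],
  ['android-client-id', { secret: 'android-secret', platform: 'ANDROID' }],
]);
const tokens = new Map(); // token -> { userId, clientId }

// Compare secrets without stopping at the first differing character.
function constantTimeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    diff |= (a.charCodeAt(i) || 0) ^ (b.charCodeAt(i) || 0);
  }
  return diff === 0;
}

// Check 1: id/secret pair. Check 2: for WEB clients, the request's domain.
function validateClient({ clientId, clientSecret, origin }) {
  const entry = clients.get(clientId);
  const secretOk = constantTimeEqual(String(clientSecret ?? ''), entry ? entry.secret : '');
  if (!entry || !secretOk) return { ok: false, reason: 'invalid client credentials' };
  if (entry.platform === 'WEB') {
    let host = null;
    try { host = new URL(origin).hostname; } catch { /* missing or malformed origin */ }
    if (host !== entry.domain) return { ok: false, reason: 'domain mismatch' };
  }
  return { ok: true, clientId };
}

// Tokens remember the client they were issued through.
function issueToken(token, userId, clientId) {
  tokens.set(token, { userId, clientId });
}

// Check 3: a token is only honoured when presented via its issuing client.
function authorize(request, token) {
  const client = validateClient(request);
  if (!client.ok) return client;
  const record = tokens.get(token);
  if (!record || record.clientId !== client.clientId) {
    return { ok: false, reason: 'token not valid for this client' };
  }
  return { ok: true, userId: record.userId };
}
```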
Generating a Security Client through the administrative REST API
Security clients are generated using an administrative request.
As such, your request's Authorization header should contain an admin access token.
curl --location --request POST 'http://localhost:3030/security/client/' \
--header 'Authorization: Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpZCI6IjYyMmYxZGQ5NThkZDIwMDAxNzgwNWVmYyIsImlhdCI6MTY0NzM0MjMwMiwiZXhwIjoxNjQ3NDE0MzAyfQ.trHYfxt9Wf6ohgi5PWez-dZEDaQSBBR6wu2PINveQmI' \
--header 'masterkey: M4ST3RK3Y' \
--header 'Content-Type: application/json' \
--data-raw '{
    "platform": "ANDROID"
}'

{
    "id": "6242b88a10a0990182773840",
    "clientId": "1c0d06679f837c3958fba2724b51dc",
    "clientSecret": "9ffd3a9041bff6aabff5fa81df8175c2406baaca6c417a165f5b66a9ad1c1e4408bc4aad895126ddc0ee007332aacf842f63ebc68eddc304a902a3f8867e9902",
    "platform": "ANDROID"
}