Provisioning API - Security Overview
Getting started with our Provisioning API
Getting Started
As a partner, after connecting with the Deputy partner team, the next step involves setting up of the Security Authentication Layer that is required to access our privileged provisioning API.
The first step is to create an account with Deputy. This will create what Deputy calls a “Once Profile” - a global level user that can be reused across multiple businesses. With a Once Profile, partners are able to create an OAuth client which will allow them to access the create/convert and downgrade APIs.
The once user that is created should be for the company as a whole, not an individual or for a customer. This once user will control the provisioning, upgrading and downgrading of all the partner's embedded accounts.
Steps
- After creating a Deputy account, navigate to https://once.deputy.com/my/oauth_clients and follow the prompts to set up a new OAuth client. Follow this guide Using Oauth 2.0
- Share the generated
client_id
from the previous step, with the Deputy team. - Deputy will provide a private key. The private key and
client_id
constitute the key fields needed to gain access to the endpoints. - Retrieve the
kid
(Key ID) from the well-known endpoint below by substituting in with the OAuthclient_id
from before.
curl https://api.usw2.deputy.com/connect/v1/clients/<client_id>/.well-known/jwks.json
-
Generate the JWT token:
- Header
- Set the
kid
(Key ID) with the value retrieved in the well-known endpoint from previous step - Use
RS256
for the algorithm
- Set the
- Payload
- Set the
client_id
with the client ID generated above - Set the
aud
(audience) toapi.deputy.com/connect/v1
- Set the
sub
(subject) todeputy.com
- Set the
iss
(issuer) value to the issuer assigned to the partner
- Set the
- Header
-
Sign the token with the private key shared earlier.
-
All done! Use the signed JWT token when sending requests to the partner APIs.
Updated about 1 year ago