Authentication

Authentication enables us to understand the details of your account, including the opportunities and limitations you have. For users, it ensures a real-time connection with our server, providing confidence that everything is functioning correctly.

The Stripo Plugin requires an authentication token to perform any operations. To authenticate your instance of the Stripo Plugin, call the endpoint shown in the sample code below with your Plugin ID and Secret Key, which you can find on the Plugin details page. The Plugin will call this function each time a token expires to obtain a new one.

It is recommended to build authentication as shown in the diagram below:

Authentication Flow

1. Initialization of the Editor: During the initialization of the editor, pass a function as the onTokenRefreshRequest parameter. This function will be called whenever the authentication token needs to be updated.

   init({
       ...,
       onTokenRefreshRequest: function(callback) {
           /*
               Send request to Customer Application Backend, for example https://your_domail/stripo/token
           */
           const token = ...
           callback(token);
       }
   });

2. Implement an Endpoint in CAB: The customer application backend (CAB) must implement an endpoint to handle the request for obtaining a token.

3. Retrieve pluginId and secretKey: During request processing, the CAB must retrieve the pluginId and secretKey from storage.

4. Send Request to Plugin Backend: Along with the required userId parameter (user identifier) and role, the CAB must send a request to the plugin backend to obtain a token.

5. Receive Generated Token: In the response from the plugin backend, a generated token will be returned.

6. Return Token to Customer Application UI: The CAB returns the token to the customer application UI.

7. Pass Token to Editor: The customer application UI must call the callback to pass the token to the editor.

OpenAPI Specification

Reference

openapi: 3.0.1
info:
  title: Stripo Authentication API
  description: |
    The Stripo Plugin requires an authentication token to perform any operations.
    
    To authenticate your instance of the Stripo Plugin, call the provided endpoint with your Plugin ID and Secret Key. Ensure you include the userId of the user who will be working within the plugin, along with their role. The list of supported roles can be found [here](/getting-started/authentication#default-roles)
servers:
  - url: https://plugins.stripo.email
paths:
  /api/v1/auth:
    post:
      tags:
        - Methods
      summary: Get authentication token
      description: |
        [Recommendations for use](/getting-started/authentication)
      operationId: getAuthToken
      requestBody:
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/AuthRequest'
        required: true
      responses:
        '200':
          description: Authentication token
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/AuthResponse'
components:
  schemas:
    AuthRequest:
      type: object
      required:
        - pluginId
        - secretKey
        - userId
        - role
      properties:
        pluginId:
          type: string
        secretKey:
          type: string
        userId:
          type: string
        role:
          type: string
          enum:
            - admin
            - user
    AuthResponse:
      type: object
      required:
        - token
      properties:
        token:
          type: string

Default Roles

You can use these roles to configure access levels to folders in the Image gallery and the Library of modules.

• admin
• user

To enable your users to write data to specific folders, pass the appropriate roles during token generation. This will allow you to control user access to the Image gallery and the Library of modules effectively.