How to generate the authentication token by using the Embed Secret Key API
You can generate the authentication token for a user in Bold Reports® by using the Embed Secret Key API. To do this, pass the following parameters in the request body.
username - The user’s email address.
grant_type - This type of credentials are used to authorize the request for an authentication token. Valid values: embed_secret.
embed_nonce - A random string value that restricts attackers from hacking. Example 5ff24040-cd74-42cf-a168-57f8cb7dafed.
timestamp - The current time as UNIX timestamp. Example: 1583934776
embed_signature - By using the username, embed_nonce, timestamp and the embed secret key(which can be generated from Bold Reports® Report server Embed settings), the embed_signature value can be generated using the HMACSHA256 algorithm.
Here is a sample C# code to illustrate the approach.
Add the following assemblies in a namespace:
System.Collections.GenericSystem.Net.HttpNewtonsoft.JsonSystem.Security.CryptographySystem.Net
Refer
Newtonsoft.Jsonassembly from nuget package.
.NET,.NET Core, and .NET Framework
public class Token
{
public string access_token { get; set; }
public string token_type { get; set; }
public string expires_in { get; set; }
public string email { get; set; }
public string error { get; set; }
public string error_description { get; set; }
}
private static string tokenurl = "/reporting/api/token";
private static string boldReportsUrl = "https://demo.example.com"; // Provide your Bold Reports<sup>®</sup> URL
private static string username = "[email protected]"; // Provide your Email ID
private static string nonce = Guid.NewGuid().ToString();
private static string timeStamp = DateTimeToUnixTimeStamp(DateTime.UtcNow).ToString();
private static string secretCode = "lettffAEI0FtKDGdrDekEv7WUbHwOwO"; // Provide your embed secret key value from the Bold Reports<sup>®</sup> Report Server Embed Settings.
public static void Main(string[] args)
{
ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls12; // This is required while running the Bold Reports<sup>®</sup> from Azure App Service
GetToken();
}
public static Token GetToken()
{
var client = new HttpClient();
client.BaseAddress = new Uri(boldReportsUrl);
client.DefaultRequestHeaders.Accept.Clear();
client.DefaultRequestHeaders.ConnectionClose = true;
string embedMessage = "embed_nonce=" + nonce + "&user_email=" + username + "×tamp=" + timeStamp;
string signature = SignURL(embedMessage.ToLower(), secretCode);
var content = new FormUrlEncodedContent(new[]
{
new KeyValuePair<string, string>("grant_type", "embed_secret"),
new KeyValuePair<string, string>("username", username),
new KeyValuePair<string, string>("embed_nonce", nonce),
new KeyValuePair<string, string>("embed_signature", signature),
new KeyValuePair<string, string>("timestamp", timeStamp)
});
var result = client.PostAsync(tokenurl, content).Result;
string resultContent = result.Content.ReadAsStringAsync().Result;
if (JsonConvert.DeserializeObject<Token>(resultContent)?.error == "authorization_failed")
{
Console.WriteLine("authorization_failed: " + JsonConvert.DeserializeObject<Token>(resultContent)?.error_description);
Console.ReadLine();
Environment.Exit(-1);
}
return JsonConvert.DeserializeObject<Token>(resultContent);
}
public static double DateTimeToUnixTimeStamp(DateTime dateTime)
{
DateTime unixStart = new DateTime(1970, 1, 1, 0, 0, 0, 0, System.DateTimeKind.Utc);
long unixTimeStampInTicks = (dateTime.ToUniversalTime() - unixStart).Ticks;
return unixTimeStampInTicks / TimeSpan.TicksPerSecond;
}
public static string SignURL(string embedMessage, string secretcode)
{
var encoding = new UTF8Encoding();
var keyBytes = encoding.GetBytes(secretcode);
var messageBytes = encoding.GetBytes(embedMessage);
using (var hmacsha1 = new HMACSHA256(keyBytes))
{
var hashMessage = hmacsha1.ComputeHash(messageBytes);
return Convert.ToBase64String(hashMessage);
}
}After the token is generated, use it by attaching it to the request header (Authorization) for all subsequent API calls to authenticate the requests.