Authorization and Authentication

To represent the identity of its users securely, the Flowster Password Reset API uses JSON Web Tokens (JWT), an open and secure representation standard. A JSON Web Token allows two systems to exchange data without exposing their user credentials.

Another important term that the user may encounter when using the API is "authorization". Authorization is the step that follows a successful authentication: it is the approval that a particular customer has the right to make a request. In other words, authorization is when an entity verifies that you have the right to access data or information on a given server. In Flowster Password Reset, users of the categories "user" and "admin" have different access to the API resources: an "admin" level user cannot access the server information made available to a "user" level user.

To get the JWT used to authorize requests, the "admin" user must provide two credentials. The first is a username that has permission to access the admin portal; if the user is accessing the API through an API client, this user must also have permission to use the API. The second is the password; remember that a default password is provided to the administrator when the application is installed. In the admin portal, authorization is obtained by logging in with the same credentials. Only authorized users of the "admin" type can consume the API resources through an API client; other users can only get the JWT by authenticating in the user portal when logging into the application.
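The authenticate-then-authorize order described above can be sketched as a server-side check. This is an added example, not Flowster's own code: the HS256 algorithm, the `role` and `exp` claim names, the `SECRET` value and the resource names `admin_api` and `user_portal` are all assumptions made for illustration.

```python
import base64, hashlib, hmac, json, time

SECRET = b"constructed-demo-secret"  # assumption: HS256 with a server-side secret
# Assumption: each category maps to its own resource group, with no overlap,
# matching the page's statement that "admin" and "user" see different resources.
ALLOWED = {"admin": {"admin_api"}, "user": {"user_portal"}}

def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sign(signing_input: str) -> bytes:
    return hmac.new(SECRET, signing_input.encode(), hashlib.sha256).digest()

def issue(sub, role, ttl=300, now=None):
    """Build a signed token; used here only to construct sample input."""
    now = int(time.time()) if now is None else now
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = b64e(json.dumps({"sub": sub, "role": role, "exp": now + ttl}).encode())
    return f"{head}.{body}.{b64e(sign(head + '.' + body))}"

def authenticate(token, now=None):
    """Return the claims if algorithm, signature and expiry are valid, else None."""
    now = int(time.time()) if now is None else now
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":  # rejects "none" etc.
            return None
        if not hmac.compare_digest(sign(head + "." + body), b64d(sig)):
            return None
        claims = json.loads(b64d(body))
        if claims["exp"] <= now or not isinstance(claims["role"], str):
            return None
    except (ValueError, TypeError, KeyError, AttributeError):
        return None
    return claims

def authorize(token, resource, now=None):
    """Authenticate first, then allow only resources listed for the token's role."""
    claims = authenticate(token, now)
    return claims is not None and resource in ALLOWED.get(claims["role"], set())
```

The role is read only after the signature has been verified, so a token whose payload was edited to claim a different category fails authentication before any authorization decision is made.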
