Token Structure
- iss -> Tells other APIs that consume the token which API generated it. For example, MCS checks the iss to see which Pointr Cloud instance created the token and processes the transactions accordingly.
- permissions -> Defines the permissions of the user as an array of objects. Each object has a type, a hierarchy, and an identifier. The type can be Admin, Editor, or User. The hierarchy can be Building, Site, or Floor. The identifier is the unique identifier of the hierarchy. For example, if the type is Admin, the user has admin permissions for the hierarchy with the given identifier; Editor and User grant editor and user permissions in the same way.
User Token Structure
{
  "iss": "https://test.pointr.cloud",
  "idp": "PointrCloud",
  "grant_type": "password",
  "userId": "0194b7f4-54eb-7684-bc4c-521d6599cdc3",
  "upn": "dev_test_user_@pointr.tech",
  "clientIdentifiers": ["eed82090-a57c-4a87-87ff-f93e5a051f61"],
  "roles": ["User", "Admin", "Superadmin"],
  "aud": [],
  "nbf": 1738654524,
  "exp": 1738662024,
  "iat": 1738654824,
  "permissions": [
    {
      "type": "Editor",
      "hierarchy": "Site",
      "identifier": "21312ssa-5a39-4fa8-9034-65dbfe0ce9d2"
    },
    {
      "type": "Editor",
      "hierarchy": "Site",
      "identifier": "21312ssa-5a39-4fa8-9034-65dbfe0ce9d2"
    }
  ]
}
Client Credential Token Structure
{
  "iss": "https://test.pointr.cloud",
  "idp": "PointrCloud",
  "grant_type": "client_credentials",
  "clientIdentifiers": ["eed82090-a57c-4a87-87ff-f93e5a051f61"],
  "nbf": 1738654811,
  "exp": 1738662311,
  "iat": 1738655111,
  "roles": [
    "Sdk"
  ],
  "aud": [],
  "permissions": [],
  "publishedContentServer": "Storage",
  "sasToken": "{sasToken}",
  "cdnBaseUrl": "{cdnBaseUrl}"
}
When the "Parameters__PublishedContentServer" value in Appsettings is set to "Storage", the sasToken and cdnBaseUrl fields are added to the token. This allows client credential tokens to be used for accessing files in storage. If the value is set to "Service", the system works through the API instead.
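The iss and permissions checks described above, sketched as an added example that is not Pointr code. It assumes the token signature has already been verified elsewhere, that the consumer keeps its own set of trusted issuers, and that permissions match exactly with no inheritance between types or hierarchies (the page does not define any); check_claims and has_permission are hypothetical names.

```python
import time

# Allowed values as listed in the permissions description on this page.
PERMISSION_TYPES = {"Admin", "Editor", "User"}
HIERARCHIES = {"Building", "Site", "Floor"}


def check_claims(claims, trusted_issuers, now=None):
    """Return problems found in a payload whose signature was already verified."""
    now = int(time.time()) if now is None else now
    problems = []
    iss = claims.get("iss")
    if not isinstance(iss, str) or iss not in trusted_issuers:
        problems.append("untrusted iss")
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if not isinstance(nbf, int) or not isinstance(exp, int):
        problems.append("nbf/exp missing or not integers")
    elif not nbf <= now < exp:
        problems.append("outside nbf/exp window")
    perms = claims.get("permissions")
    if not isinstance(perms, list):
        return problems + ["permissions is not an array"]
    for i, p in enumerate(perms):
        if not isinstance(p, dict):
            problems.append(f"permissions[{i}] is not an object")
        elif p.get("type") not in PERMISSION_TYPES:
            problems.append(f"permissions[{i}] has unknown type")
        elif p.get("hierarchy") not in HIERARCHIES:
            problems.append(f"permissions[{i}] has unknown hierarchy")
        elif not isinstance(p.get("identifier"), str) or not p["identifier"]:
            problems.append(f"permissions[{i}] has no identifier")
    return problems


def has_permission(claims, ptype, hierarchy, identifier):
    """Exact match only; no inheritance between types or hierarchies is assumed."""
    wanted = {"type": ptype, "hierarchy": hierarchy, "identifier": identifier}
    return wanted in (claims.get("permissions") or [])


# Constructed sample payload, reusing values from the user token shown above.
SAMPLE = {
    "iss": "https://test.pointr.cloud",
    "nbf": 1738654524,
    "exp": 1738662024,
    "permissions": [
        {"type": "Editor", "hierarchy": "Site",
         "identifier": "21312ssa-5a39-4fa8-9034-65dbfe0ce9d2"},
    ],
}
```

An empty list from check_claims means the payload passed every check; a consumer would reject the token on any non-empty result before calling has_permission.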