Skip to content

Token Structure

Token Structure

  • iss -> This is used for other apis that will use the token to understand which api generated the token. For example, MCS will check the iss to see which Pointr Cloud instance created the token and process the transactions accordingly.
  • permissions -> This is used to define the permissions of the user. The permissions are defined as an array of objects. Each object has a type, hierarchy, and identifier. The type can be Admin, Editor, or User. The hierarchy can be Building, Site, or Floor. The identifier is the unique identifier of the hierarchy. For example, if the type is Admin, the user has admin permissions for the hierarchy with the given identifier. If the type is Editor, the user has editor permissions for the hierarchy with the given identifier. If the type is User, the user has user permissions for the hierarchy with the given identifier.

User Token Structure

{
  "iss": "https://test.pointr.cloud",
  "idp": "PointrCloud",
  "grant_type": "password",
  "userId": "0194b7f4-54eb-7684-bc4c-521d6599cdc3",
  "upn": "dev_test_user_@pointr.tech",
  "clientIdentifiers": ["eed82090-a57c-4a87-87ff-f93e5a051f61"],
  "roles":["User","Admin","Superadmin"],
  "aud": [],
  "nbf": 1738654524,
  "exp": 1738662024,
  "iat": 1738654824,
  "permissions": [
    {
      "type": "Editor",
      "hierarchy": "Site",
      "identifier": "21312ssa-5a39-4fa8-9034-65dbfe0ce9d2"
    },
    {
      "type": "Editor",
      "hierarchy": "Site",
      "identifier": "21312ssa-5a39-4fa8-9034-65dbfe0ce9d2"
    }

  ]
}

Client Credential Token Structure

{
  "iss": "https://test.pointr.cloud",
  "idp": "PointrCloud",
  "grant_type": "client_credentials",
  "clientIdentifiers": ["eed82090-a57c-4a87-87ff-f93e5a051f61"],
  "nbf": 1738654811,
  "exp": 1738662311,
  "iat": 1738655111,
  "roles": [
    "Sdk"
  ],
  "aud": [],
  "permissions": [],
  "publishedContentServer" : "Storage",
  "sasToken": "{sasToken}",
  "cdnBaseUrl": "{cdnBaseUrl}"
}

When the Parameters__PublishedContentServer value in Appsettings is set to "Storage", additional fields like sasToken and cdnBaseUrl are added to the token. This allows client credential tokens to be used for accessing files in storage.

  • If the selected provider is Amazon, the token field will display "AmazonStorage"
  • If the provider is not Amazon, it will display "Storage".

When the value is set to "Service", the system works through the API instead.