To receive an API key from an eLabNext user for use within your own web-based platform, it is best to use the eLabNext ‘Authentication flow for 3rd party systems’ option.
Here are the prerequisites for using this authentication mechanism:
Below is a diagram of how the exchange of tokens takes place. Download the example code to see it in action. The example code requires Node.js to be installed on your system.
On your platform, there will be an action for the end-user to request an API token from eLabNext. The only prompt to the end-user asks which endpoint the API token should be requested from. This ensures that organizations that host eLabNext under their own domain name can use this feature.
This may need some explanation for end-users to understand what is asked of them. Ideally, you would validate, parse and correct their input to end up with the proper syntax. For example, when an end-user copies and pastes the address of a page they regularly access, such as https://www.elabjournal.com/members/, you may want to accept that input and correct it to the true ‘endpoint’, which is www.elabjournal.com, before redirecting the user to https://{eLab Endpoint}/members/fn/externalAuth/?rootVar=MyExampleRootVar&state=myOptionalStateString.
Here, rootVar needs to be the rootVar of your Add-On. state is an optional parameter that will be echoed back to you. It can be used to pass along a state value, and/or to increase security through a mechanism implemented on your end that prevents replay attacks or parameter manipulation (e.g. by passing over a salted hash from a known state).
You now redirect the user to https://{eLab Endpoint}/members/fn/externalAuth/?rootVar=MyExampleRootVar&state=myOptionalStateString in order to give consent. When the user accepts, eLabNext redirects the user back to you based on the static variable authReturnURL inside your Add-On namespace. This whitelists the return URL on our end for security purposes.
Please note that this also works while sideloading your script during development. In that case, the authentication flow will default to ‘Development Mode’, which means it will only read the authReturnURL from your sideloaded script, bypassing any locally installed add-ons.
The authReturnURL is called with the request token as a URL parameter. The request token needs to be used within 60 seconds and can only be used once. On your end, you then call the API endpoint https://{eLab Endpoint}/api/v1/auth/user/exchangeToken (documented here) to exchange the request token for a long-lived API token. Make sure to post the value as Content-Type application/json.
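The endpoint clean-up and the `state` protection described above, as an added Node.js example (not eLabNext's own example code): it reduces pasted input to the endpoint host, builds the consent redirect, and on return accepts a `state` only once and only if it is unmodified and fresh. The function names, the HMAC-signed state format, the five-minute lifetime and the in-memory nonce set are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumptions for this sketch: the secret stays on your server, the state
// lifetime is your choice, and the nonce store is in-memory (demo only).
const STATE_SECRET = crypto.randomBytes(32);
const STATE_MAX_AGE_MS = 5 * 60 * 1000;
const usedNonces = new Set();

// Reduce whatever the user pasted (full page URL, bare host) to the endpoint host.
function normalizeEndpoint(input) {
  const raw = String(input).trim();
  const url = new URL(/^[a-z][a-z0-9+.-]*:\/\//i.test(raw) ? raw : `https://${raw}`);
  if (url.protocol !== 'https:') throw new Error('endpoint must use https');
  if (url.username || url.password) throw new Error('no credentials in endpoint');
  return url.host; // path, query and fragment are dropped
}

function sign(payload) {
  return crypto.createHmac('sha256', STATE_SECRET).update(payload).digest('base64url');
}

// Build the consent redirect; the state binds host, a nonce and the issue time.
function buildAuthRedirect(userInput, rootVar, now = Date.now()) {
  const host = normalizeEndpoint(userInput);
  const nonce = crypto.randomBytes(16).toString('hex');
  const payload = Buffer.from(JSON.stringify({ h: host, n: nonce, t: now })).toString('base64url');
  const state = `${payload}.${sign(payload)}`;
  const url = new URL(`https://${host}/members/fn/externalAuth/`);
  url.searchParams.set('rootVar', rootVar);
  url.searchParams.set('state', state);
  return { url: url.toString(), state };
}

// Called in the authReturnURL handler. Returns the host to use for the
// exchangeToken call, or null if the state is forged, expired or replayed.
function verifyState(state, now = Date.now()) {
  const [payload, mac] = String(state).split('.');
  if (!payload || !mac) return null;
  const given = Buffer.from(mac);
  const expected = Buffer.from(sign(payload));
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const { h, n, t } = JSON.parse(Buffer.from(payload, 'base64url').toString());
  if (now - t > STATE_MAX_AGE_MS || usedNonces.has(n)) return null;
  usedNonces.add(n);
  return h;
}
```

Because the host travels inside the signed state, the exchangeToken request goes to the same endpoint the user was sent to for consent, not to a host taken from the return request.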
The authentication flow is very similar to that for web applications.
The prerequisites for using this authentication mechanism are:
The request token received by your desktop application needs to be used within 60 seconds and can only be used once. On your end, you then call the API endpoint https://{eLab Endpoint or host}/api/v1/auth/user/exchangeToken (documented here) to exchange the request token for a long-lived API token. Make sure to post the value as Content-Type application/json.