To download the source code used in this tutorial, click here.

md5: 4ed52cb297cdc5669b11ff5624749387
sha1: 6396f0e5f25fcc42560c858b841507a7dceb9e9f

In this procedure, you use the Files API to set up authentication for your API calls to the Activity API. The Files API is another API in Aspera on Cloud.

  1. From the current directory, open the file authentication.rb, which you created in the first procedure.
  2. To add references to the installed dependencies and Ruby modules, add the following lines to the file. This code must remain at the top of the file as you continue to add content.
    require 'restclient'
    require 'json'
    require 'base64'
    require './constants.rb'
  3. To declare the Authentication module, add this code to the bottom of the file:
    module Authentication
      # helper methods
    
      # generate JWT
    
      # log in user
    
    end
  4. To include helper methods for printing and encoding data, add this code below the comment # helper methods in the  Authentication module:
    # helper methods
    def base64url_encode(str)
      Base64.encode64(str).tr('+/', '-_').gsub(/[\n=]/, '')
    end
    
    def pretty_print(result)
      pretty = JSON.pretty_generate(result)
      puts pretty
    end
  5. To specify values for the JSON web token (JWT) header keys, add this code just below the comment # generate JWT, which is in the Authentication module:
    # generate JWT
    def generate_auth_credentials
      private_key = OpenSSL::PKey::RSA.new(File.read('jwtRS256.key'))
      time = Time.now.to_i
    
      # specify authentication type and hashing algorithm
      jwt_header = {
        typ: 'JWT',
        alg: 'RS256'
      }
    
      # specify issuer, subject, audience, not before and expiration
      jwt_body = {
        iss: CLIENT_ID,
        sub: USER_EMAIL,
        aud: 'https://api.asperafiles.com/api/v1/oauth2/token',
        nbf: time - 3600,
        exp: time + 3600
      }
    
      # construct the hashed JWT and Files API request parameters
      payload = base64url_encode(jwt_header.to_json) + '.' + base64url_encode(jwt_body.to_json)
      signed = private_key.sign(OpenSSL::Digest::SHA256.new, payload)
      jwt_token = payload + '.' + base64url_encode(signed)
      grant_type = CGI.escape('urn:ietf:params:oauth:grant-type:jwt-bearer')
      scope = CGI.escape('admin:all')
    
      { token: jwt_token, grant_type: grant_type, scope: scope }
    end

    Explanation of Keys:

    Key Description
    iss “Issuer”. Client ID that is generated when you register an API
    client.
    sub “Subject”. Email address of the user who will use the bearer
    token for authentication.
    aud “Audience”. Value is always
    https://api.asperafiles.com/api/v1/oauth2/token
    nbf “Not before”. Unix timestamp for when the bearer token becomes
    valid.
    exp “Expiration”. Unix timestamp for when the bearer token
    expires.
  6. To set up the authentication request to the Files API, add this code just below the comment # log in user, which is in the Authentication module:
    # log in user
    def log_in
      credentials = generate_auth_credentials
      files_url = "https://api.ibmaspera.com/api/v1/oauth2/#{ORGANIZATION_SUBDOMAIN}/token"
      parameters = "assertion=#{credentials[:token]}&grant_type=#{credentials[:grant_type]}&scope=#{credentials[:scope]}"
    
      # setup Files request object
      client = RestClient::Resource.new(
        files_url,
        user: CLIENT_ID,
        password: CLIENT_SECRET,
        headers: { content_type: 'application/x-www-form-urlencoded' }
      )
    
      # make request to Files API
      begin
        puts "\n\n\nmake request to Files API\n\n\n"
        result = JSON.parse(client.post(parameters), symbolize_names: true)
        pretty_print(result)
      rescue Exception => e
        puts e
      end
    
      # extract and return 'bearer token'
      return "Bearer #{result[:access_token]}" if result
    end
  7. To confirm that your setup is successful, do the following:
    • Add the following line (which is a method call) to the bottom of the file, after the final¬†end:
      include Authentication
      log_in
    • Run this Ruby script in terminal:
      ruby authentication.rb

    The Files API response should print in terminal:

    {
          "access_token": "eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiIsImtpZCI6IjIwMTgtMDYtMDZUMjI6MzU6MTQrMDA6MDAifQ.eyJ1c2VyX2lkIjoiNDE1MTEiLCJzY29wZSI6ImFkbWluOmFsbCIsImV4cGlyZXNfYXQiOiIyMDE5LTAxLTMwVDIzOjE5OjU1WiIsInV1aWQiOiIzOGNlNmRkNC03ZjQyLTQ0YTgtYmFkNi03YTY1ZTNlNjZlNjIiLCJvcmdhbml6YXRpb25faWQiOiIxMzM1NSIsImV4cCI6MTU0ODg5MDM5NSwic3ViIjoibGF1cmFraXJieTI2QGdtYWlsLmNvbSIsIm5hbWUiOiJMYXVyYSBLaXJieSIsImdpdmVuX25hbWUiOiJMYXVyYSIsImZhbWlseV9uYW1lIjoiS2lyYnkiLCJpYXQiOjE1NDg4MDM5OTUsImlzcyI6Imh0dHBzOi8vYXBpLmlibWFzcGVyYS5jb20vYXBpL3YxL29hdXRoMi90b2tlbiIsImlibWlkX2lkIjoiSUJNaWQtNTAzM1RLVFYyQiIsImlkIjoiYW9jLTQxNTExIiwicmVhbG1pZCI6ImFvYy1pYm1pZCIsImlkZW50aWZpZXIiOiI0MTUxMSJ9.wggzDE8xaNgc0ucOs8Tn0sCVwpvJSTVEGmqKeVq3uR0Ru7vkM5yptbFfSfbtg6kAKTzclL_I_rdznlSet20WMo_qb0b2mQiTIuhFLKL9uECoqCXxZ0LNdBpXbt1NxcMhMXIinfWc9PmQaGY6uAyjgOpNZDMBq3EzocHJ2YFUZjrURgrWgCWmDf7xlTcvziuwJ6XrFz8zeKBXRkdeow-wkkcaBM6-Q596GrFf7frQDOAmyRr1WIKZJ6j9V-jY-mrox-Rebsc0BW8sAXKb33TyZ_NHcuQu7n-_6hZ_QARqSIpqtbBEb6fZRY9aSQ8dQ4cdCtokKDjhVe1Kkt-aP1bLAg",
          "token_type": "bearer",
          "expires_in": 86399,
          "scope": "admin:all"
    }
  8. Once you have confirmed that the login method is working, remove the following lines, shown below (you can also comment out the lines by placing a “#” in front of them):
    # include Authentication
    # log_in
  9. You are ready to request data about your transfers. Go to Making a Request to the Activity API.