Authentication


By default, APIM requires every request made to the Gateway to include an API key as part of the headers. This API key will be unique to the Software Vendor account, which AFMA will be creating on your behalf. On top of this, ADC’s Production environment will require a Bearer token to be passed as part of the request. AFMA has set up an Identity Provider to work in conjunction with your Software so that your client can authenticate and send valid requests to the API Gateway. Click here if you want to learn more about how to authenticate users.

UAT Authentication

The Bearer token plays an important role as it provides information about the current user, which is later used to perform validation on the request itself. For UAT, however, it is impractical for software developers to authenticate against AFMA’s IDP, which is why we’ve made the following modifications to the UAT API Gateway:

• No validation of the token (Authorization header) is applied

• If the Authorization header isn’t passed as part of the request, the APIM itself will append a dummy JWT token before forwarding the request to the backend

This setup will allow software developers to easily interact with the UAT Developer Portal without having to worry about establishing a session or acquiring tokens.

Dummy Token and Validation


The UAT API Gateway will append a default dummy token to the request so that it can be used at the backend to retrieve information about the user in context. This dummy JWT token contains the User Id (the fisher) of a test account that has been set up for this purpose. AFMA has created a number of accounts and their pre-defined dummy JWT tokens for testing purposes.

If you wish to override the default JWT token appended by the APIM policy, all you need to do is pass the authorization header with one of the test account dummy tokens.

ADC goes through a pretty rigorous process when it comes to validating the actual request sent to the backend. As part of this validation process, ADC will make sure some details such as Vessel Id match the current user details, which is why it is important to stick to the given dummy tokens, otherwise the request will be unsuccessful.

Below is a list of all test account details and corresponding JWT tokens that are available to you for testing purposes.

eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwidXNlcl9pZCI6IjEwMzM3NCIsImFjY291bnRfcHdkIjoicHdkIiwiaWF0IjoxNTE2MjM5MDIyfQ.b44hL9VSzDz0qVqaLEGnM-7RLq6RJNWi8EVGrrMAyoc

User: 103374

ConcessionHolder: 103374

vesselId: 12155
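
The sketch below is an added example, not AFMA's code. It reads the claims of the dummy token above without checking its signature, and builds the Authorization header only when the token's user_id claim matches the test account the request is written for. The helper names are hypothetical, and the API key header is left out because this page does not name it.

```python
import base64
import json

# Dummy JWT for test account 103374, copied verbatim from this page.
UAT_DUMMY_TOKEN = (
    "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9."
    "eyJzdWIiOiIxMjM0NTY3ODkwIiwidXNlcl9pZCI6IjEwMzM3NCIsImFjY291bnRfcHdkIjoicHdkIiwiaWF0IjoxNTE2MjM5MDIyfQ."
    "b44hL9VSzDz0qVqaLEGnM-7RLq6RJNWi8EVGrrMAyoc"
)


def _decode_segment(segment: str) -> dict:
    """Decode one base64url JWT segment (JWTs drop the '=' padding)."""
    padded = segment + "=" * (-len(segment) % 4)
    return json.loads(base64.urlsafe_b64decode(padded))


def read_claims(token: str) -> tuple:
    """Return (header, payload) without checking the signature.

    This is for inspection only: nothing here proves who issued the token.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    try:
        return _decode_segment(parts[0]), _decode_segment(parts[1])
    except ValueError as exc:  # bad base64, bad UTF-8 or bad JSON
        raise ValueError("token segments are not base64url JSON") from exc


def uat_auth_header(token: str, expected_user_id: str) -> dict:
    """Build the Authorization header for a UAT request (hypothetical helper).

    Refuses a token whose user_id claim is not the test account the request
    was written for, since ADC would reject the request on that mismatch.
    """
    _, claims = read_claims(token)
    if claims.get("user_id") != expected_user_id:
        raise ValueError(f"token is for user {claims.get('user_id')!r}")
    return {"Authorization": f"Bearer {token}"}


if __name__ == "__main__":
    print(read_claims(UAT_DUMMY_TOKEN)[1])
    print(uat_auth_header(UAT_DUMMY_TOKEN, "103374"))
```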