Authentication
Authorization
In order to work with the Rest-API endpoints, the client application must first be authenticated and authorized. API-clients using endpoints in the public domain (e.g. Discovery) must have a valid WISE-KEY. The endpoints in the shared domain must have a valid user login as well. The steps below describe the authentication steps:
- Generate a WISE-KEY using the API-KEY, API-ID and ApplicationName.
An example of how this is calculated is given in the appendix. -
For most endpoints a client must login with username and password to get an access token:
- /patron/authentication
For logging in as a patron the endpoint /patron/authentication is used. A token will be returned upon successful registration. This must be provided as an Authorization in the request header for the relevant endpoints.
This authentication makes it possible to consult your own data as a patron. - /login
The endpoint /login is used for signing in as a staff user. A token will be returned upon successful registration. This must be provided as an Authorization in the request header for the relevant endpoints.
This authentication allows the API-client to make requests to the Wise system as a staff user.
- /patron/authentication
After a succesful login the response returns an autorization token. This token must be added to every request in the header
Authorization: {token}
The token is valid for the current day till 23:59:59. It is not neccessary to login again on the same day.
Proxy authentication
A staff user can act on behalf of a patron by using the proxy authentication. If the logged in staff user has the proxy permission (PROXY_AUTH), this api-client can request a patron authentication token (see 2.1). With this token the api-client can execute request if it was logged in as a patron.
Endpoint to request a patron token as a proxy-user : /patron/{patronSystemId}/library/{libraryId}/proxyauthentication
Requirements for proxy authentication:
1. the api-key must be enabled for proxy : configured by OCLC in consultation with Wise administrator
2. the user must be assigned proxy-auth permission : configured by Wise administrator. The persmission can be enable on branch, network or system level.
Deprecated PROXY_AUTHENTICATION
Up to Wise version 7.1.0 there is a hardcoded user with proxy authentication with username "PROXY_AUTHENTICATION". This user has special permission as described above.