AAA is a project aimed to develop APIs to share arrival and departure information from ship reports sent to the Swedish Maritime Administration, and pilotage information from the Swedish Maritime Administration's (SMA) pilot planning.
To be able to call SMA's API:s the clients need a valid JWT-token. JWT stands for "JSON Web Tokens" which is a web standard (RFC 7519) for secure transmission of data between two parties.
The client fetches a valid JWT-token from SMA's IDP(Identity Provider) and authenticates itself using Basic authentication scheme using the paramaters ClientID (as username) and ClientSecret (as password). The client gets these credentials from SMA through a secure channel (currently email + SMS). ClientID is a public identifier of the client. ClientSecret is a secret and for the client unique key.
While fetching a valid JWT-token, the client also needs to include the parameter scopes (claims) containing a list of resources that it intends to consume. Below are the scopes that SMA requires for it's public API:s:
https://snt-public-api.tst.sjofartsverket.se/- Basic access to API:s, required for all resources.https://snt-public-api.tst.sjofartsverket.se/pilotages- Required for access to "Pilotage"-resource.https://snt-public-api.tst.sjofartsverket.se/visits- Required for access to "Visit"-resource.https://snt-public-api.tst.sjofartsverket.se/cancelledvisits- Required for access to "Cancelled Visit"-resource.
Point 1. below shows an example of how a call to fetch a token from SMA's
IDPcan look like.
Below is a picture showing the workflow from the harbours client perspective:
- The client calls SMA's
IDPwith aHTTP POSTcontainingClientIDandClientSecret. SMA responds with a time limited, signedJWT-token. Currently the token is valid for 5 minutes. Below is an example:
curl -X POST 'https://idp.tst.sjofartsverket.se/realms/z4_internal/protocol/openid-connect/token' --user $CLIENT_ID:$CLIENT_SECRET -d 'grant_type=client_credentials' -d scope='https://snt-public-api.tst.sjofartsverket.se/ https://snt-public-api.tst.sjofartsverket.se/pilotages https://snt-public-api.tst.sjofartsverket.se/visits'
Note!
CLIENT_IDandCLIENT_SECRETare pre-set environment variables.
-
The client is now able to call SMA's REST API:s for visit and pilotage information. To be authenticated (and later authorized), the
JWT-tokenneeds to be set in the HTTP header according to theBearerschema.Authorization: Bearer <token> -
If the client is authenticated and authorized, the API will respond
HTTP 200 OKand the response body will contain the requested data.HTTP 401 Unauthorizedindicates that the authentication failed, i.e. theJWT-tokenis invalid. The response codeHTTP 403 Forbiddenindicates that the client is not authorized to fetch the requested data from the API:s.
- Token service: https://idp.tst.sjofartsverket.se/realms/z4_internal/protocol/openid-connect
- API-documentation (in swedish): https://snt-public-api.tst.sjofartsverket.se/swagger/
- API Base URL: https://snt-public-api.tst.sjofartsverket.se
- Access scopes:
`https://snt-public-api.tst.sjofartsverket.se/`
`https://snt-public-api.tst.sjofartsverket.se/pilotages`
`https://snt-public-api.tst.sjofartsverket.se/visits`
`https://snt-public-api.tst.sjofartsverket.se/cancelledvisits`
- Token service: https://idp.sjofartsverket.se/realms/z4_internal/protocol/openid-connect
- API Base URL: https://snt-public-api.sjofartsverket.se/
- Access scopes:
`https://snt-public-api.sjofartsverket.se/`
`https://snt-public-api.sjofartsverket.se/pilotages`
`https://snt-public-api.sjofartsverket.se/visits`
`https://snt-public-api.sjofartsverket.se/cancelledvisits`