Authentication

How to authenticate requests going to the GraphQL API.

All authentication for the ArborXR APIs is performed by using OpenID (OAuth 2.0).

Our OpenID service runs at auth.xrdm.app and has an OpenID Configuration Discovery document available at https://auth.xrdm.app/auth/realms/xrdm-users/.well-known/openid-configuration

For API integration, we suggest using the account-console client and direct access grants to exchange your username and password for an access_token and refresh_token.

Our access_token values are very short-lived, so we suggest storing the refresh_token and exchanging it for a new access_token regularly.

Once you have an access_token, pass it on every GraphQL API request in the Authorization: Bearer {$access_token} header.

We also require an x-organization-id header, which is the UUID of the Organization you are interacting with. If you log in at app.arborxr.com, you will see the UUID as the first portion of the URL you are at.

For example, in https://app.arborxr.com/d084efbc-5c80-4112-9ef8-c903263bb1df/dashboard the UUID value is d084efbc-5c80-4112-9ef8-c903263bb1df.

Example

This is a curl-formatted request example:

Request:

curl --request POST \
  --url https://auth.xrdm.app/auth/realms/xrdm-users/protocol/openid-connect/token \
  --header 'Content-Type: application/x-www-form-urlencoded' \
  --data client_id=account-console \
  --data grant_type=password \
  --data username=yourusernamehere \
  --data password=yourpasswordhere

Response:

{
	"access_token": "eyJhbGciOiJSUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICJ5NUpnbDBlZktOeUZBTC1Iamstc05lMFNHNzhHem9pYU1KTzlibEVSWnY4In0.....LVOg0_R-7y94kqHqeGN4A-LKQOiII6uLjRHcO8lXJvxwMnsauXkZntjnP3dNF2IfygoEjeAnzaXIPiZjG3P2k5byckEQ8_v9bR5lDtUI-59IzLiqb-a8Mj_kHd7o3PB8tphtDrWc3Nih3vPs4eQZDyod3WqXQHVRhWAtuFUJnESs_EeKDmyB8ThKq0pqmY9O1VxyMrGh2XdzLKzYRtiGCEYi6JG33ize5JVoeyjwTsasu6Y6Ok3u4ZbArPdZ-CXEWcsYgK5AMh9RVtXR51Ix8fSBIORyiGxqUn9A9zyJ5UBVqgD_a0uOnQV20TRLGNxhKVuCj1MTYl6_bTAZfuoZaH",
	"expires_in": 300,
	"refresh_expires_in": 10800,
	"refresh_token": "eyJhbGciOiJIUzI1NiIsInR5cCIgOiAiSldUIiwia2lkIiA6ICI0YWRiOTNlOC0wYmExLTRhMmYtYTY3ZC0wNDMyN2U0NWI4ZWQifQ.....CbWcIXUs2FNVzm9gtFjq8VHfJ_aQOht-6n7MexEoNZ9",
	"token_type": "Bearer",
	"not-before-policy": 0,
	"session_state": "2e8c15bb-b8df-4b6a-8b27-74f0536cb073",
	"scope": "email profile"
}
Last modified August 7, 2023: Revert "remove graphql docs" (611836c)