Verizon Personal Cloud Storage APIs use industry standard OAuth 2.0 protocol for authentication and authorization. OAuth 2.0 uses access tokens instead of Verizon Personal Cloud Storage account owner’s credentials to access Verizon Personal Cloud Storage user content. Each access token has specific, predefined scope and lifetime and is only issued with the approval of the account owner. The account owner can terminate the access at any time.
Your app must follow the following basic steps when using OAuth 2.0:
Obtain ThingSpace Platform Credentials.
To begin, you must obtain ThingSpace platform credentials. You will need those credentials to authenticate your app with Verizon Cloud Authentication service.
Establish Callback URL.
In order to use Verizon Personal Cloud Storage APIs you must update your app’s information with Callback URL. Callback URL is an HTTP callback address where the authorization code is going to be sent.
NOTE: Make sure that you take note of the exact spelling of the Callback URL as it is case sensitive. Your app must specify it exactly as you have entered it on your app’s registration form in Key Management.
Obtain Authorization Code from Verizon Authentication Service.
A Verizon Personal Cloud Storage account holder can choose to give your app access to the content stored in his or her Verizon Personal Cloud Storage account. Your app must first authenticate with Verizon Authentication service using your app’s Key and Secret. Verizon Authentication will then present the user with a request to grant your app access to the content stored in his or her Verizon Personal Cloud Storage account. If the user grants access, Verizon Authentication will issue access and refresh tokens.
An access token is a string representing authorization issued to your app by the Verizon Personal Cloud Storage account owner. Access tokens have specific duration of access which is enforced by the Verizon Authentication service. When an access token expires, your app will no longer be able to access Verizon Personal Cloud Storage user content.
Refresh tokens are credentials that your app can use to obtain new access tokens. Your app will receive a refresh token from the Verizon Cloud Authentication service each time an access token is issued. When the access token expires, your app can exchange the refresh token for a new access token with identical scope and permissions that have been authorized by the account owner.
Refresh Access Token - When Necessary.
Access tokens have limited lifetimes. If your application needs access to the Verizon Personal Cloud Storage user content beyond the lifetime of a single access token, it can use the refresh token to obtain a new access token. Refresh tokens will remain valid for 14 days unless the account owner decides to terminate your app’s access to his or her Verizon Personal Cloud Storage account.
If the account owner uses your app at least once every 14 days, your app will be able to automatically refresh access tokens. Otherwise, if the account owner leaves the app idle for more than 14 days, the refresh token that has been used last will expire and the user will have to re-authorize your app’s access.
The following is the detailed OAuth 2.0 authentication and authorization flow:
POST /tokencall to Cloud Authentication. Included in the query parameters are authorization code, client ID and client secret.
* If the Verizon account holders have Cloud Client installed on their mobile device, the app will use Verizon’s Cloud Authentication silent sign-on. The users will not be prompted to log on again and will be taken directly to the consent screen.
Once your app has been installed on the user’s device, the user will be able to manage your app’s access to the content stored in his or her Verizon Personal Cloud Storage account.
In order to grant you app access to the content stored in his or her Verizon Personal Cloud Storage account, the user will be directed to:
Log on to his or her Verizon account.
NOTE: If the user has Cloud Client installed on his or her Verizon Wireless issued 4G LTE mobile device and the app is using the SDK, the app will use Verizon’s Cloud Authentication silent sign-on. The user will not be prompted to log on and will be taken directly to the consent screen.
The user must select Approve to grant your app access.
Verizon Personal Cloud Storage account holder can revoke your app’s access to their account at any time. Both access token and refresh token will be revoked at the same time.
In order to revoke you app’s access to their Verizon Personal Cloud Storage account, the users will have to:
Copyright © 2015-2017, Verizon and/or its Licensors. All rights reserved.