Hyfe Insights API
This is the Hyfe Insights API documentation based on the OpenAPI 3.0 specification. You can find out more about Hyfe at https://hyfe.ai.
Authorizing vs API Key Endpoints
To authorize against endpoints which require an API key one must simply set the relevant key in the header of the http request:
X-API-KEY: <API_key_value>
Authorizing vs JWT Endpoints
There are two parts to authorize against endpoints which require a JSON Web Token (JWT):
- Including a correct JWT in the request.
- Configuring the OAuth2 server with Hyfe.
The JWT
The request must use the bearer scheme and include a JWT with at least the fields described below.
The payload section of the JWT must contain at least the following fields:
"hyfe": {
"insights": {
"customer_id": <customer_id>,
"uid": <uid>
}
}
Fields:
customer_id: Unique string value for each customer assigned by Hyfe.uid: Hyfe's uid for the user who's data is being requested, obtained when registering a user.
Configuring the OAuth2 server with Hyfe
When Hyfe's JWT-Authorized endpoints receive a token they check that it is valid and has not been tampered with. This is done by sending a request to pre-configured OAuth2 Authorization server (ideally implementing openid connection discovery).
Each customer has their own server and it's address must be previously communicated to Hyfe.
For example if using Google Cloud as cloud provider the address would be:
https://securetoken.google.com/<gcloud_project_name>/.well-known/openid-configuration
Authentication
- HTTP: Bearer Auth
- API Key: apiKeyAuth
| Security Scheme Type: | http |
|---|---|
| HTTP Authorization Scheme: | bearer |
| Bearer format: | JWT |
| Security Scheme Type: | apiKey |
|---|---|
| Header parameter name: | X-API-KEY |