APIs

This type of interface is used by AppAdmin to set relationships of “User-Role” and “Role-Permission”.

The appName parameter must be added to all interfaces to indicate the name of the application to be processed by the interface.

If the appToken field is set when the system administrator creates a new business application to the database (refer to the /application/add interface), the value of appToken needs to be set through the appToken field in the interface parameter when calling the following interface. Otherwise, the interface will receive the “application token verification failed.” error due to the failure of business application administrator authentication.

1 User management interface

This kind of interface is used to add, delete, modify and query users.

MatrixAuth is a lightweight permission system, which is only responsible for managing user permissions, but not for user login, user information management and other operations, but through a userkey field to uniquely identify a user. Generally, the userkey field can be user login, userId in the information system, etc.

  • /user/add : Add one user.
Parameter name Required Description
appName Yes Name of application
userKey Yes Unique identification of the user
userName No User name
appToken No Basis for completing the identity verification of application administrator
  • /user/updateByKey : Update information of a business application.
Parameter name Required Description
appName Yes Name of application, cannot be modified
userKey Yes Unique identification of the user, cannot be modified
userName No User name
appToken No Basis for completing the identity verification of application administrator
  • /user/queryByAppName : Query all users of an application.
Parameter name Required Description
appName Yes Name of application
appToken No Basis for completing the identity verification of application administrator
  • /user/queryByKey : Query a user by application name and user ID.
Parameter name Required Description
appName Yes Name of application
userKey Yes Unique identification of the user
appToken No Basis for completing the identity verification of application administrator
  • /user/deleteByKey : delete one user.
Parameter name Required Description
appName Yes Name of application
userKey Yes Unique identification of the user
appToken No Basis for completing the identity verification of application administrator

2 Role management interface

MatrixAuth is a distributed permission system. After an application is accessed, it can control the “user-role-permission” relationship in the application. However, this kind of control is not always established. For example, if there is a business application as a campus management system, MatrixAuth can set a user in the business application as an “Administrator” to exercise some management rights , MatrixAuth may not be able to set a user as a “head teacher”, because the role of “head teacher” is set up by the campus management system, a business application operation, rather than by MatrixAuth, a business independent authority system

Therefore, some roles can be set by MatrixAuth, while some can’t. according to this, we divide the roles in MatrixAuth into three categories, and the corresponding enumeration value codes and descriptions are as follows:

  • InterfaceControlled:Roles that can only be used to set the user-role relationship through the interface API of MatrixAuth, such as “administrator”.
  • BusinessAppControlled:Roles that can only be set user-role relationship through business application, such as “head teacher”.
  • InterfaceAndBusinessAppControlled:Roles that can be used to set the user-role relationship through the interface API or business application.

Relevant operation interfaces are as follows:

  • /role/add : Add one role.
Parameter name Required Description
appName Yes Name of application
roleName Yes Role name
description No Role description
type Yes Role type, options:InterfaceControlledBusinessAppControlledInterfaceAndBusinessAppControlled
appToken No Basis for completing the identity verification of application administrator
  • /role/updateByName : Update role.
Parameter name Required Description
appName Yes Name of application, cannot be modified
roleName No Role name, cannot be modified
description No Role description
type Yes Role type, options:InterfaceControlledBusinessAppControlledInterfaceAndBusinessAppControlled
appToken No Basis for completing the identity verification of application administrator
  • /role/queryByAppName : Query all roles of an app.
Parameter name Required Description
appName Yes Name of application
appToken No Basis for completing the identity verification of application administrator
  • /role/queryByName : Query a role by application name and role ID.
Parameter name Required Description
appName Yes Name of application
roleName Yes Role name
appToken No Basis for completing the identity verification of application administrator
  • /role/deleteByName : Delete one role.
Parameter name Required Description
appName Yes Name of application
roleName Yes Role name
appToken No Basis for completing the identity verification of application administrator

3 Permission management interface

This kind of interface is used to add, delete, modify and query permissions

  • /permission/add : Add one permission.
Parameter name Required Description
appName Yes Name of application
permKey Yes Permission key, unique identification of the permission
name No Permission name
description No Description
appToken No Basis for completing the identity verification of application administrator
  • /permission/updateByKey : Update one permission.
Parameter name Required Description
appName Yes Name of application
permKey Yes Permission key, cannot be modified
name No Permission name
description No Description
appToken No Basis for completing the identity verification of application administrator
  • /permission/queryByAppName : Query all permissions of the application.
Parameter name Required Description
appName Yes Name of application
appToken No Basis for completing the identity verification of application administrator
  • /permission/queryByKey : Query one permission.
Parameter name Required Description
appName Yes Name of application
permKey Yes Permission key
appToken No Basis for completing the identity verification of application administrator
  • /permission/deleteByKey : Delete one permission.
Parameter name Required Description
appName Yes Name of application
permKey Yes Permission key
appToken No Basis for completing the identity verification of application administrator

4 “User-Role-Permission” management interface

This type of interface is used to complete the setting of “User-Role-Permission” association relationship

  • /auth/addUserXRole : Add a role for the specified user.
Parameter name Required Description
appName Yes Name of application
userKey Yes Unique identification of the user
roleName Yes Role name
appToken No Basis for completing the identity verification of application administrator
  • /auth/deleteUserXRole : Delete a role for the specified user.
Parameter name Required Description
appName Yes Name of application
userKey Yes Unique identification of the user
roleName Yes Role name
appToken No Basis for completing the identity verification of application administrator
  • /auth/addRoleXPermission : Add a permission for the specified role.
Parameter name Required Description
appName Yes Name of application
roleName Yes Role name
permKey Yes Permission key
appToken No Basis for completing the identity verification of application administrator
  • /auth/deleteRoleXPermission : Delete a permission for the specified role.
Parameter name Required Description
appName Yes Name of application
roleName Yes Role name
permKey Yes Permission key
appToken No Basis for completing the identity verification of application administrator

MatrixAuth-High performance lightweight distributed permission system.