Skip to content

API Authentication

Jump to bottom Edit New page
Tjalle Groen edited this page Sep 28, 2020 · 11 revisions

API Authentication

The TOMP-WG is currently exploring different forms of authentication, the final standard has not been decided yet.

Fig. 3 below shows that the API features authentication for each call to allow secure communication and exchange of information between MPs and TOs.

Authentication Fig. 3: API calls and authentication

MaaS Provider authentication and authorization should take place following the process below:

  • Authorization code – The most common flow, mostly used for server-side and mobile web applications. This flow is similar to how users sign up into a web application using their Facebook or Google account.
  • Resource owner password credentials (or just password) – Requires logging in with a username and password. Since in that case the credentials will be a part of the request, this flow is suitable only for trusted clients (for example, official applications released by the API provider).

A Transport Operator might require authentication to communicate with a MaaS Provider, for example to manage (update/cancel) a booking or to send a call-back request. That makes bidirectional authentication necessary.

Blueprint for an Application Programming Interface from Transport Operator to MaaS Provider (TOMP-API) – Version Dragonfly 1

TOMP-API1

Introduction
- Roadmap
- Semantic versioning
- Use cases
- Changes per version
- Contribution
- Participants
Workflow
- Operator information
- Planning phase
- Booking phase
- Trip execution phase - start
- Trip execution phase - on route
- Trip execution phase - end
- Support
- Payment
Points of attention
- Modalities
- Specifying locations
- GDPR
Eco system
- Relations

Blueprint index

Introduction
Scope of the TOMP-API
Versioning and releases
Process Flows
- Authentication
- Operator Information
- Privacy and Registration
- Planning Module
- Booking Module
- Trip Execution Module
- Payment Module
- Support Module
Meta-Information
Reference implementations
To-dos and risks
Technical Specifications

Blueprint appendices

A1 List of terms and definitions
A2 Passenger characteristics dictionary
A3 APIs available on the transportation ecosystem
A4 Overview of the User stories
A5 Authors, Architects, collaborators and stakeholders involved
A6 Adoption and Implementation of the TOMP-API

Clone this wiki locally