Authentication & Authorization
Learn how to securely authenticate your applications with the SPS platform and manage access control.
Authentication Methods
SPS provides multiple secure authentication options:
| Method | Use Case |
|---|---|
| OAuth2 | Web & mobile apps (Authorization Code Flow with PKCE) |
| JWT Tokens | API access & session management |
| API Keys | Server-to-server communication |
| Session Cookies | Browser-based authentication |
JWT Token Usage
Include the JWT access token in the Authorization header for API requests:
GET /api/services/app/Manual/GetAll
Authorization: Bearer YOUR_ACCESS_TOKEN
API Key Usage
Pass the API key via header or query parameter:
Header:
GET /api/services/app/Tenant/GetAll
Api-Key: YOUR_API_KEY
Query Parameter:
GET /api/services/app/Tenant/GetAll?api_key=YOUR_API_KEY
Multi-Tenant Context
Specify the target tenant using one of these methods:
- Subdomain:
https://tenantname.safetyproceduresystems.com - Header:
Abp.TenantId: 1 - Query Parameter:
?TenantId=1
Roles & Permissions
SPS uses role-based access control with these built-in roles:
- Host Admin
- Tenant Admin
- Manager
- User
- Viewer
Permissions are granular and assigned at the role level.
Next Steps
Proceed to Environment Setup.