Skip to main content

Authentication & Authorization

Learn how to securely authenticate your applications with the SPS platform and manage access control.

Authentication Methods

SPS provides multiple secure authentication options:

MethodUse Case
OAuth2Web & mobile apps (Authorization Code Flow with PKCE)
JWT TokensAPI access & session management
API KeysServer-to-server communication
Session CookiesBrowser-based authentication

JWT Token Usage

Include the JWT access token in the Authorization header for API requests:

GET /api/services/app/Manual/GetAll
Authorization: Bearer YOUR_ACCESS_TOKEN

API Key Usage

Pass the API key via header or query parameter:

Header:

GET /api/services/app/Tenant/GetAll
Api-Key: YOUR_API_KEY

Query Parameter:

GET /api/services/app/Tenant/GetAll?api_key=YOUR_API_KEY

Multi-Tenant Context

Specify the target tenant using one of these methods:

  • Subdomain: https://tenantname.safetyproceduresystems.com
  • Header: Abp.TenantId: 1
  • Query Parameter: ?TenantId=1

Roles & Permissions

SPS uses role-based access control with these built-in roles:

  • Host Admin
  • Tenant Admin
  • Manager
  • User
  • Viewer

Permissions are granular and assigned at the role level.

Next Steps

Proceed to Environment Setup.