Carbonite Authentication Instructions

Users must obtain a JWT access token to access the LBM Public API.

Authentication happens by making a POST request to our token endpoints using Basic Authentication and an OAuth2 client credentials flow

The example curl command below demonstrates obtaining an access:

curl --location 'https://293-app-prod-carbonite-sso-staging.azurewebsites.net/common/oauth2/v1.0/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--header 'Authorization: Basic dGVzdDp0ZXN0' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'scope=LBMPublicAPI.Customer.<TENANT>' \
--data-urlencode 'aud=pipeline_lbm_public_api'

The Basic Authorization header value is the base64 encoded ClientId and Client Secret which is given to the user:

$string = "clientId:clientSecret"
$bytes = [System.Text.Encoding]::UTF8.GetBytes($string)
$base64 = [Convert]::ToBase64String($bytes)
Write-Output $base64

The scope LBMPublicAPI.Customer.<TENANT> should be included in the request to scope the JWT token to the Pipeline LBM Tenant that the customer has access to. The <TENANT> value comes from the URLof the Pipeline LBM site, e.g. for the URL https://lb.pipelinebt.app/lbmsales , the tenant is lbmsales and the full scope should be: LBMPublicAPI.Customer.lbmsales

A user cannot receive a token nor access an LBM Tenant that is not included in the Carbonite app registration.

When successful, the user should receive a JSON response that includes a Bearer JWT within the “access_token” property:

{
  "access_token": "eyJ...",
  "token_type": "Bearer",
  "expires_in": 86399
}

The bearer token is then included within the Authorization Header of requests made to the Public API, and the <TENANT> value also must be included in an X-Customer header:

curl --location 'https://293-app-prod-pipeline-public-api.azurewebsites.net/api/v1/jobs' \
--header 'X-Customer: lbmsales' \
--header 'Authorization: Bearer eyJ...'