Configure Client Credentials for Non-Interactive Access

To enable non-interactive access to Jitsuin Archivist APIs:

  1. Create an Application registration in your Azure Active Directory.

  2. Grant the registration an API access permission for the Jitsuin Archivist API.

  3. Create a client secret.

Note

Certificate-based assertion of identity is fully supported. See client_assertion_type and client_assertion in the official Azure documentation.

Create an Application registration

  • Choose any name you like.

  • Account type should be: accounts in this organisational directory only.

  • Redirect URI - leave blank.

The Microsoft quickstart register app guide covers the general process.

Add an API Permission to the Application registration

Your app registration must be granted access to the Jitsuin Archivist API.

The Application permissions enable access to the Jitsuin Archivist API using client secrets or certificates. The Microsoft quickstart configure web app access guide covers the general process. For non-interactive use see Application permissions.

Enable the desired Jitsuin Archivist roles

Add a client secret to the Application registration

Take note of the client secret and the application object id (uuid).

Note

If you need to have different secrets for different Jitsuin Archivist roles, create an application registration for each distinct set of roles.
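
The following is an added example, not code from Jitsuin or Microsoft. It shows how the values produced by the steps above go into an OAuth 2.0 client credentials request to the Azure AD v2.0 token endpoint, with either a client secret or a certificate-signed client_assertion, and with credentials kept out of source code and logs. The environment variable names and the scope value are assumptions; the scope is assumed to take the form `<API application ID URI>/.default`.

```python
import json
import os
import urllib.parse
import urllib.request

AUTHORITY = "https://login.microsoftonline.com"
JWT_BEARER = "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"


def build_token_request(tenant_id, client_id, scope, client_secret=None, client_assertion=None):
    """Return (url, form_fields) for a client credentials token request."""
    if (client_secret is None) == (client_assertion is None):
        raise ValueError("supply exactly one of client_secret or client_assertion")
    fields = {"grant_type": "client_credentials", "client_id": client_id, "scope": scope}
    if client_secret is not None:
        fields["client_secret"] = client_secret
    else:
        # Certificate-based identity: a JWT signed with the registered certificate's key.
        fields["client_assertion_type"] = JWT_BEARER
        fields["client_assertion"] = client_assertion
    url = f"{AUTHORITY}/{urllib.parse.quote(tenant_id, safe='')}/oauth2/v2.0/token"
    return url, fields


def redact(fields):
    """Return a copy of the form fields that is safe to write to a log."""
    hidden = {"client_secret", "client_assertion"}
    return {k: ("<redacted>" if k in hidden else v) for k, v in fields.items()}


def fetch_access_token(url, fields, timeout=10):
    """POST the form to the token endpoint and return the bearer token."""
    body = urllib.parse.urlencode(fields).encode()
    req = urllib.request.Request(url, data=body, method="POST")
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        reply = json.load(resp)
    if reply.get("token_type", "").lower() != "bearer":
        raise RuntimeError("unexpected token_type in token response")
    return reply["access_token"]


if __name__ == "__main__":
    env = os.environ  # hypothetical variable names; set them from your own registration
    url, fields = build_token_request(env["AZURE_TENANT_ID"], env["AZURE_CLIENT_ID"],
                                      env["ARCHIVIST_SCOPE"],
                                      client_secret=env["AZURE_CLIENT_SECRET"])
    print("requesting token:", url, redact(fields))
    print("received token of length", len(fetch_access_token(url, fields)))
```

The returned token is sent to the API as an `Authorization: Bearer` header.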