Fusion allows you to integrate your servers with SDK authentication. SDK authentication involves the generation of authentication token with custom attributes. You can use this token to authenticate the Fusion API calls. 

To begin with the Cipher SDK integration, you are required to go through an authentication process. This process involves a pre-exchange of asymmetric keys between the SDK framework and your servers. A private key is responsible for signing the authentication token. The private key along with token generation logic is shared with you through email.

Before you begin

At Zeta, a remote maven repository accessible by https:// protocol is set up. This holds all the build artifacts and dependencies required in the SDK integration. Take care of the following prerequisites before you move to SDK authentication process,

1. A dd following Maven repository URLs in the POM file of the project.

   Maven repositories

   maven{url 'https://apollo-maven.corp.zeta.in/nexus/content/repositories/releases/'}
   maven{url 'https://apollo-maven.corp.zeta.in/nexus/content/repositories/snapshots/'}

2. Add the following dependencies in your project.
   

   Dependencies

   <groupId>in.zeta.apollo</groupId>
   <artifactId>tenant-commons</artifactId>
   <version>1.1</version>

About Maven Repository

In general, a Maven Repository holds build artifacts and dependencies of varying types. The maven repositories are of two types such as local and remote. 

• The local repository is a directory on the computer where Maven runs. 
• A remote repository is accessible externally by using a variety of protocols such as file:// and https://.

Local and remote repositories are structured the same way so that scripts can run on either side, or they can be synced for offline use. However, the layout of the repositories is completely transparent to any Maven user.

How to generate an authentication token?

The SDK authentication process involves generation of tenantAuthToken with a configurable set of claims. This token must be generated on the server-side as it involves signing the data with a private key. The private key must never be compromised. 

String jwtToken = AsymmetricJwtTokenGenerator.generateJWT(
				  <<issuerId>>,
                  <<base64EncodedPrivateKey>>,
                  <<algorithm>>,
                  <<claims>>,
                  <<expiryEpochTimeInMilliseconds>>);

Parameter description

• issuerID: An issuer can be a company or a business domain. For example, Zeta.
• base64EncodedPrivatekey: A private key associated with the SDK. It is responsible for signing the data for the  tenantAuthToken generation.
  
• algorithm: Algorithm used for key-pair generation. Currently, the key-pair used for signature is EC.
  
• expiryEpochTimeInMilliseconds: Expiration time of epoch time in milliseconds.
  

• claims: An element to support the dynamic string substitution feature. You can add the claims in the SDK integration with  Object type  Map<String, Object>. 

  Sample Map for claims

  {
  	'tenantUniqueVectorId': '<unique identifier for the app user>'
  }

  
  tenantUniqueVectorId: ID of the tenantUniqueVector generated by the tenant. This is the same ID that was earlier verified by the Zeta system during the registration.