Authorize Requests to Action Tracker
Every request to the Action Tracker API must be authorized. This is done by including an Authorization
header in the request with a valid access token.
Authorization ensures that resources are accessible only when you want them to be, and only to those users or applications to whom you grant access.
In this guide, we will walk you through the steps to integrate with the Action Tracker as a service (API).
Step 1: Set API Permissions in Azure
To begin the integration, you must configure API permissions in your Azure portal. This ensures that your app registration is correctly set up to use the Action Tracker API.
Steps:
- Navigate to the Azure portal and list all App registrations.
- Select your App registration, which your users will be using for Single Sign-On (SSO).
- Under API permissions, select Add a permission.
- In the Request API permissions panel, select Action Tracker.
- Click on the Action Tracker API and select the access_as_user permission.
Environment values
| Display Name | ActionTracker - Non-Production |
|---|---|
| Application (client) ID | c4e11d8b-f0a7-43b8-a0fd-c12cddb7175c |
| Object ID | 283d73d7-5f67-4a68-8923-7346eeed6811 |
| Directory (tenant) ID | 4341df80-fbe6-41bf-89b0-e6e2379c9c23 |
Step 2: Set the Token Scope in Your Application
After setting up the API permissions, the next step is to configure your application to use the correct token scope when acquiring the access token.
Steps:
- Update the scope used for acquiring the access token in your application code:
  ["api://c4e11d8b-f0a7-43b8-a0fd-c12cddb7175c/access_as_user"]
  Note: The application ID c4e11d8b-f0a7-43b8-a0fd-c12cddb7175c must be used exactly as shown. Altering or replacing this value will result in an error. This is the Action Tracker (non-production) application ID.
- Set your authorization header with the issued access token:
  "Authorization": "Bearer <access token>"
At this point, your application is ready to consume the Action Tracker API.
Example: Using @azure/msal-browser Package
Below is an example of how to use the @azure/msal-browser package to integrate with the Action Tracker API in a non-production environment.
Example Code:
export const msalConfig = {
  auth: {
    // Action Tracker (non-production) application ID and tenant authority.
    clientId: "c4e11d8b-f0a7-43b8-a0fd-c12cddb7175c",
    authority: "https://login.microsoftonline.com/4341df80-fbe6-41bf-89b0-e6e2379c9c23",
  },
};

/**
 * Scopes you add here will be prompted for user consent during sign-in.
 * By default, MSAL.js will add OIDC scopes (openid, profile, email) to any login request.
 * For more information about OIDC scopes, visit:
 * https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-permissions-and-consent#openid-connect-scopes
 */
export const apiConfig = {
  scopes: ["api://c4e11d8b-f0a7-43b8-a0fd-c12cddb7175c/access_as_user"],
};
Acquiring access token:
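import { PublicClientApplication } from "@azure/msal-browser";
import { apiConfig, msalConfig } from "@/auth.config";

// Single MSAL instance for the app. With @azure/msal-browser v3 and later,
// call `await msalInstance.initialize()` once before any other MSAL call.
const msalInstance = new PublicClientApplication(msalConfig);

const acquireAccessToken = async () => {
  const activeAccount = msalInstance.getActiveAccount();
  const accounts = msalInstance.getAllAccounts();

  // A signed-in account is required for silent token acquisition.
  if (!activeAccount && accounts.length === 0) {
    throw new Error("No active account found");
  }

  const request = {
    scopes: apiConfig.scopes,
    account: activeAccount || accounts[0],
  };

  // Returns a cached token or silently renews it using the Action Tracker scope.
  const authResult = await msalInstance.acquireTokenSilent(request);
  return authResult.accessToken;
};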
Key Points:
- API Base URL: Depending on the environment, use the correct base URL for the Action Tracker API (e.g., https://dev.actiontracker.riotinto.com/api).
- Scope: The scope should be set as "api://c4e11d8b-f0a7-43b8-a0fd-c12cddb7175c/access_as_user" for non-production environments.
- Authorization Header: Pass the access token in the authorization header for API requests.
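As an added example (not part of the Action Tracker documentation or code), the helpers below attach the bearer token only to URLs under the non-production base URL and pre-check the token's aud, scp and exp claims, so a wrong application ID or scope is caught before the API rejects the call. The function names are hypothetical, the claim check decodes the token without verifying its signature (diagnostic only), and accepting api://<application ID> as the v1.0 audience is an assumption derived from the scope string above.

```javascript
// Added example, not Action Tracker code. IDs and base URL are the page's non-production values.
const APP_ID = "c4e11d8b-f0a7-43b8-a0fd-c12cddb7175c";
const API_BASE_URL = "https://dev.actiontracker.riotinto.com/api";
const REQUIRED_SCOPE = "access_as_user";

// Decode the JWT payload WITHOUT verifying the signature. Diagnostic only:
// the API validates the token; never make trust decisions from this output.
function decodeJwtPayload(token) {
  const parts = String(token).split(".");
  if (parts.length !== 3) throw new Error("access token is not a three-part JWT");
  return JSON.parse(atob(parts[1].replace(/-/g, "+").replace(/_/g, "/")));
}

// Return the reasons the API would be expected to reject this token (empty = looks usable).
function checkAccessToken(token, nowSeconds = Math.floor(Date.now() / 1000)) {
  const claims = decodeJwtPayload(token);
  const problems = [];
  // Assumption: v2.0 tokens carry the client ID as aud, v1.0 tokens the App ID URI.
  if (![APP_ID, `api://${APP_ID}`].includes(claims.aud)) problems.push("wrong audience");
  if (!String(claims.scp || "").split(" ").includes(REQUIRED_SCOPE)) problems.push("missing scope");
  if (typeof claims.exp !== "number" || claims.exp <= nowSeconds) problems.push("expired");
  return problems;
}

// Build request options, attaching the token only for URLs under the API base.
// new URL() normalizes dot segments, so "/api/../x" cannot pass the prefix check.
function buildAuthorizedRequest(url, token) {
  const target = new URL(url);
  const base = new URL(API_BASE_URL);
  const underBase = target.origin === base.origin &&
    (target.pathname === base.pathname || target.pathname.startsWith(base.pathname + "/"));
  if (!underBase) throw new Error(`refusing to send bearer token to ${target.origin}${target.pathname}`);
  const problems = checkAccessToken(token);
  if (problems.length) throw new Error(`token not usable: ${problems.join(", ")}`);
  return { url: target.href, headers: { Authorization: `Bearer ${token}` } };
}

// Constructed, unsigned sample token for offline testing (not a real token).
function makeSampleToken(claims) {
  const enc = (obj) => btoa(JSON.stringify(obj)).replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
  return `${enc({ alg: "none", typ: "JWT" })}.${enc(claims)}.constructed-signature`;
}
```

Pass the object returned by buildAuthorizedRequest to fetch as fetch(req.url, { headers: req.headers }), using the token returned by acquireAccessToken.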
Conclusion
By following the steps outlined above, you can successfully integrate your application with the Action Tracker API. If you encounter any issues, don't hesitate to contact the Action Tracker support team for assistance.
Remember to update your application ID and API endpoints when moving to a production environment.