User Access and Authorization

Yonomi relies on your existing OAuth2.0-compliant Identity & Access Management (IAM) solution to authorize requests made to the platform on behalf of your users. In other words, Yonomi uses the very same user access and authorization systems you already use today. This means you won’t need to create and manage users in Yonomi - your existing users simply interact with Yonomi. The Yonomi platform verifies your user requests by validating user tokens against your IAM public key for every request. This identity management flow allows for a seamless user experience between the Yonomi platform, 3rd Party devices and your applications.

📘 What if I don’t have an IAM or don’t have access to configure the one used by my company?

You don’t need your own IAM to get started with Yonomi. The Developer Portal gives you sandbox API access to get you going, and you can worry about the identity details when the time is right.

Authorizing API Calls to Yonomi#

All calls to Yonomi Platform must target a specific Yonomi Platform tenant, and must be made on behalf of an authorized user.

To determine to which tenant/stage a request is being targeted, Yonomi will look for a special header in all HTTP requests. This HTTP header, x-allegion-installation-reference-id, is required and must be sent with all requests regardless of the number of Yonomi Platform tenants you use. Details on this header are covered below.

To specify the user you’ll need to be able to generate a valid, key-signed JWT ID Token from your Identity and Access Management (IAM) system and place it in the Authorization header variable before executing a call. This follows the standard approach for authenticating HTTP requests.

🚧 I need to obtain what? …From what? Can I just create a user using the Yonomi API?

Essentially, Yonomi relies on your company’s existing Identity and Access Management (IAM) system to authenticate calls against the Yonomi Platform. While this means your developers don’t have to maintain multiple user accounts between your existing solution and Yonomi, many developers don’t work directly with their companies IAM. If you’re building a new solution from scratch then you may not have an IAM with which to begin your work. That’s ok, too - just create a Yonomi Development Portal account and start testing in the sandbox environment.

The approach Yonomi uses to authorize your users is similar to an approach you’ve likely already used on websites when you are offered the option to create a new account using your existing Google, Facebook or Github account and login process as the authorizing authority. In this case, Yonomi relies on your application’s existing user account management infrastructure to verify authorization of your users. This process follows the OAuth2.0 industry-standard protocol for authorization, and is a secure, reliable and efficient model for user management. This authentication approach is much more secure and streamlined for a production implementation and requires less work for your developers to get a solution prototyped, tested and deployed than introducing an additional user account for your developers to maintain.

If you have an existing IAM system you can use your own JWTs with Yonomi. When you’re ready, reach out to Yonomi Customer Success to request a development tenant and we’ll configure it against your JWT. Note the JWT needs to be signed with your IAM’s private key and you’ll need distinct IAM configurations for each of your stages/environments.

Again - if you don’t have an IAM today, no problem, you can get started by creating a Yonomi Development Portal account and begin exploring your solution needs in the portal’s sandbox environment.

For details what you’ll need to configure your tenant for authorization of your users, see the User Authentication Configuration section of the Tenant Configuration Guide.