Operations Center uses standard OpenId Connect/OAuth 2.0 authentication standards.
By leveraging the Genetec SSO service (Genetec One), users can login using their existing accounts. Upon a successful login, they are redirected back to Operations Center and will then be presented a tenant selection screen for all tenants the user has access to.
Requests to our REST APIs are authenticated via the Authorization header . Clients consuming the APIs need to send the header containing valid JWT access tokens obtained from the Genetec SSO.
At this moment, Operations Center only supports Authorization Code flow .This implies that the JWT token passed on all requests must be from an actual user. We intend to add support for machine-to-machine communication in the future by using the Client Credentials flow.
A single login can work with all tenants the user has access to, no logout is required in order to switch to another tenant.
Most API calls have a tenantId parameter that will select the context of the call.