Documentation

Authentication

You will need the following to get setup with MiTrust:

  • A Jira account
  • API keys for your Service Provider

Create a Jira account

You can self-register and create your customer account on our Jira Portal here.
Once registered, you will be able to create requests of various types (technical support, bug, report, security incident…), especially "Application for new Service Provider", which is the way to get your API keys.

Request API keys

API keys are associated with your Service Provider (or SP - this is how we call your own MiTrust instance).

After applying for your new Service Provider on our Jira Portal, you will receive an API key and secret:

  • The client_id is a public piece of information identifying your application.
  • The secret_key shall remain secret, it will be used to generate an access token.

When applying to a new Service Provider, you will have to provide some information; the most important (hard to change) is the owner (administrator) information:

  • Owner email : preferably a generic email address (ex. : [email protected]). If you have several SP, they should all have the same owner email
  • Owner mobile number : the API secret will be sent to that number

📘

About redirect URIs:

  • They must be absolute (no wild card “_”, no hash “#”), as per OAuth2 RFC 7642
  • GET parameters are OK (although deprecated – see https://datatracker.ietf.org/doc/html/rfc6819#section-5.2.3.5 ; you should rather use the state parameter in order to handle multiple values)
  • Redirect URI should be HTTPS (except for SBX environment which can accept HTTP for localhost for development purpose)

Examples :


What’s Next