Provision Genesys Authentication
Learn how to provision Genesys Authentication.
Prerequisites
- You have installed the Genesys Authentication services and the following URLs are accessible:
  - <auth-url>/auth/v3/oauth/token
  - <auth-url>/environment/v3/environments
- You have the ops credentials (services.secret.admin_username and services.secret.admin_password) from the values.yaml file.
- The Tenant Service is accessible.
- You have Configuration Server details such as hostname or IP, port, username, password, and cloud application name.
Create a new API Client
Make a POST request to create a new API client for Genesys Authentication:
# --user: cloud ops credentials (<username:password>) from values.yaml. The default value is ops:ops.
# name: <Client Name>; client_id: <Client ID>; client_secret: <Client Password>.
# redirectURIs: add the gws/prov external URLs here.
curl --location --request POST '<gauth-url>/auth/v3/ops/clients' \
--header 'Content-Type: application/json' \
--user ops:ops \
--data-raw '{"data": {
  "name": "external_api_client",
  "clientType": "CONFIDENTIAL",
  "internalClient": true,
  "refreshTokenExpirationTimeout": 43200,
  "client_id": "external_api_client",
  "client_secret": "",
  "authorities": ["ROLE_INTERNAL_CLIENT"],
  "scope": ["*"],
  "authorizedGrantTypes": ["client_credentials", "authorization_code", "refresh_token", "password"],
  "redirectURIs": ["https://gauth.<yourcluster.com>","https://wwe.<yourcluster.com>","https://gws.<yourcluster.com>","https://prov.<yourcluster.com>"],
  "accessTokenExpirationTimeout": 43200
}
}'
The result includes the client_id you need to Create an authentication token:
{
  "status": {
    "code": 0
  },
  "data": {
    "clientType": "CONFIDENTIAL",
    "scope": [
      "*"
    ],
    "internalClient": true,
    "authorizedGrantTypes": [
      "refresh_token",
      "client_credentials",
      "password",
      "authorization_code",
      "urn:ietf:params:oauth:grant-type:token-exchange",
      "urn:ietf:params:oauth:grant-type:jwt-bearer"
    ],
    "authorities": [
      "ROLE_INTERNAL_CLIENT"
    ],
    "redirectURIs": [
      "https://gauth.<yourcluster.com>",
      "https://gws.<yourcluster.com>",
      "https://prov.<yourcluster.com>"
    ],
    "accessTokenExpirationTimeout": 43200,
    "refreshTokenExpirationTimeout": 43200,
    "createdAt": 1619796576236,
    "name": "external_api_client",
    "client_id": "external_api_client",
    "client_secret": "secret",
    "encrypted_client_secret": "A34BOmXDedZwbTKrwmd4eA=="
  }
}
Create an authentication token
Make the following POST request to create an authentication token:
# --user: the API client created in the previous step.
# client_id: the client ID created in the previous step.
curl --location --user external_api_client:secret --request POST '<gauth-url>/auth/v3/oauth/token' \
--data-urlencode 'username=ops' \
--data-urlencode 'client_id=external_api_client' \
--data-urlencode 'grant_type=password' \
--data-urlencode 'password=ops'
The result includes the access_token you need to Add a Genesys tenant/environment:
{
"access_token": "5f1ecb33-5c63-4606-8e30-824e494194c6",
"token_type": "bearer",
"refresh_token": "f0c7eed6-cc55-426f-9594-7ae14903e749",
"expires_in": 43199,
"scope": "*"
}
Add a Genesys tenant/environment
Make the following POST request to create the Environment tenant:
# Authorization: Bearer followed by the access token generated in the previous step.
# id: <CC-id>, which is used while deploying the Tenant service.
# username, password: Configuration Server username and password.
# appName: Cloud app.
# primaryPort, primaryAddress: Configuration Server port and IP.
curl --location --request POST '<gauth-url>/environment/v3/environments' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer f3aa2109-8889-4182-b2b7-d86917c53e4e' \
--data-raw '{
  "data": {
    "id": <CC-id>,
    "username": "default",
    "password": "password",
    "connectionProtocol": "addp",
    "remoteTimeout": 7,
    "appName": "Cloud",
    "traceMode": "CFGTMBoth",
    "tlsEnabled": false,
    "configServers": [{
      "primaryPort": 2020,
      "readOnly": false,
      "primaryAddress": "172.24.132.84",
      "locations": "/USW1"
    }],
    "localTimeout": 5,
    "tenant": "Environment"
  }
}'
The result includes the environment ID (the last segment of path) you need to Add a contact center:
{
  "status": {
    "code": 0
  },
  "path": "/environments/d0fb6386-236c-4739-aec0-b9c1bd6173df"
}
Add a contact center
Make the following POST request to add a contact center to the environment:
# environmentId: the environment ID created in the previous step.
# id: <CC-id>, which is used while deploying the Tenant service.
curl --location --request POST '<gauth-url>/environment/v3/contact-centers' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer 9901f8d6-0351-47f8-b718-7db992f53a02' \
--data-raw '{
  "data": {
    "domains": <customer-domain>,
    "environmentId": "343dd264-7c26-4f9e-82c5-26baedbcb797",
    "auth": "configServer",
    "id": <CC-id>
  }
}'
The result includes the contact center ID (also known as CCID; the last segment of path) you will need to provision other Genesys services:
{
  "status": {
    "code": 0
  },
  "path": "/contact-centers/ed4c03f3-6275-4419-8b2b-11d14af10655"
}
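The token, environment and contact-center steps chained in Python, as an added example that is not part of the Genesys documentation: each reply is checked for status code 0 and the ID is taken from the last segment of path before the next step uses it. The function names, the injectable send parameter and the shape of the environment and domains arguments are assumptions made for this example; credentials are passed in as arguments so they need not be typed on a command line.

```python
import base64
import json
import urllib.parse
import urllib.request


def token_request(url, client_id, client_secret, username, password):
    """Password-grant POST to /auth/v3/oauth/token, as in the curl call above."""
    form = urllib.parse.urlencode({"username": username, "client_id": client_id,
                                   "grant_type": "password", "password": password})
    basic = base64.b64encode(f"{client_id}:{client_secret}".encode()).decode()
    return urllib.request.Request(f"{url}/auth/v3/oauth/token", data=form.encode(),
                                  method="POST", headers={"Authorization": f"Basic {basic}"})


def bearer_post(url, path, token, data):
    """JSON POST of {"data": ...} carrying the access token as a Bearer header."""
    return urllib.request.Request(
        url + path, data=json.dumps({"data": data}).encode(), method="POST",
        headers={"Content-Type": "application/json", "Authorization": f"Bearer {token}"})


def created_id(reply, collection):
    """Return <id> from {"status": {"code": 0}, "path": "/<collection>/<id>"}."""
    body = json.loads(reply)
    if body.get("status", {}).get("code") != 0:
        raise RuntimeError(f"call failed with status {body.get('status')}")
    prefix, path = f"/{collection}/", body.get("path", "")
    if not path.startswith(prefix) or len(path) == len(prefix):
        raise ValueError(f"unexpected path in reply: {path!r}")
    return path[len(prefix):]


def send(request):
    """Send one request and return the response body as text."""
    with urllib.request.urlopen(request, timeout=30) as reply:
        return reply.read().decode()


def provision(url, client, ops, environment, cc_id, domains, send=send):
    """Run the token, environment and contact-center steps in order."""
    token = json.loads(send(token_request(url, *client, *ops)))["access_token"]
    env_reply = send(bearer_post(url, "/environment/v3/environments", token,
                                 {**environment, "id": cc_id}))
    env_id = created_id(env_reply, "environments")
    cc_reply = send(bearer_post(url, "/environment/v3/contact-centers", token, {
        "domains": domains, "environmentId": env_id, "auth": "configServer", "id": cc_id}))
    return env_id, created_id(cc_reply, "contact-centers")
```

Passing a stand-in for send lets the chain be exercised against recorded replies without contacting a server.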
Add a data center
Make the following POST request to add a data center:
# location: region as per Genesys Multicloud CX name convention.
# entryPoint: <gauth-url> for the location above.
# readOnly: should be true for a primary or writeable region only, false for all other regions.
curl --location --request POST '<gauth-url>/environment/v3/data-centers' \
--user ops:ops \
--header 'Content-Type: application/json' \
--data '{
  "data": {
    "location": "/usw1",
    "entryPoint": <gauth-url>,
    "readOnly": false/true
  }
}'
The result should look like this:
{
  "status": {
    "code": 0
  }
}
Update CORS settings (optional)
# Authorization: Bearer token.
# value: URLs that require CORS permission.
curl --location --request POST '<gauth-url>/environment/v3/contact-centers/<contactcenter-id>/settings' \
--header 'Content-Type: application/json' \
--header 'Authorization: Bearer 3f26790a-6e5b-4dc7-a139-ae78dab2a331' \
--data-raw '
{
  "data":{
    "location":"/",
    "name":"cors-origins",
    "shared":"true",
    "value":"<URL_1>,<URL_2>,<URL_3>"
  }
}'