POS Users: Overview

Swagger Definition

The Swagger definition for this version of the POS Users API can be found at: https://app.swaggerhub.com/apis/Triquestra/pos_users/3.2.

Overview

The POS Users API allows you to create and manage POS users. It can also be used to authenticate POS users outside Infinity using their Infinity login name and password.

Using the POS Users API you can:

  • Authenticate against Infinity POS username and password.
  • Create a new POS user.
  • Update a POS user.
  • Delete a POS user.
  • Retrieve Username and UserGroup of a POS user.
  • Retrieve a list of POS users by branch and user group.
  • Retrieve a list of user groups that have been configured.

The POS Users API is composed of the following:

  • POS Credential: An encrypted string that contains Infinity POS login and password.
  • Login_name: The POS user's login name.
  • User_name: The POS user's username.
  • User_Group_id: The POS user's usergroup ID.
  • POS user: An object composed of login_name, user_name, user_group_id, date_of_birth, primary_site_code and alternative_site_code.
  • Date_of_birth: The POS user's date of birth.
  • Primary_site_code: The primary site code or the site code that the user was first created in and has access to.
  • Alternative_site_code: Additional site codes that the user has access to.

Examples

Authenticate pos_credential against Infinity POS username and password:

POST /pos_users/authenticate

{
  "pos_credential": "TWFyeSBoYWQgYSBsaXR0bGUgbGFtYi4uLiBASktMTU5PUFpbXF1eX2BhamtsbW5ven1+"
}

The pos_credential string is an encrypted JSON object containing the username and password of the POS user. To create the pos_credential string, first populate the authentication JSON model with the username and password:

{
  "name": "user name here",
  "password": "password here"
}

This could be a JSON-serialized C# object.

Then encrypt the string using Rijndael 128-bit CBC with PKCS7 padding.

The example C# code below performs the encryption: passing the JSON string to the Encrypt method returns a string that can be consumed by the POS Users API Authenticate endpoint. Note that the "<YourPassPhrase>" string needs to be set to the value configured in the Infinity API Config SecurityKey configuration.

 

using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// The class name is illustrative; the two methods are the example.
public static class PosCredentialEncryptor
{
    public static string Encrypt(string plainText)
    {
        // The salt and IV are randomly generated each time, but are prepended to the cipher text
        // so that the same salt and IV values can be used when decrypting.
        var saltStringBytes = Generate128BitsOfRandomEntropy();
        var ivStringBytes = Generate128BitsOfRandomEntropy();
        var plainTextBytes = Encoding.UTF8.GetBytes(plainText);

        // Derive a 128-bit key from the pass phrase and salt (PBKDF2, 1000 iterations).
        using (var password = new Rfc2898DeriveBytes("<YourPassPhrase>", saltStringBytes, 1000))
        {
            var keyBytes = password.GetBytes(128 / 8);
            using (var symmetricKey = new RijndaelManaged())
            {
                symmetricKey.BlockSize = 128;
                symmetricKey.Mode = CipherMode.CBC;
                symmetricKey.Padding = PaddingMode.PKCS7;
                using (var encryptor = symmetricKey.CreateEncryptor(keyBytes, ivStringBytes))
                {
                    using (var memoryStream = new MemoryStream())
                    {
                        using (var cryptoStream = new CryptoStream(memoryStream, encryptor, CryptoStreamMode.Write))
                        {
                            cryptoStream.Write(plainTextBytes, 0, plainTextBytes.Length);
                            cryptoStream.FlushFinalBlock();

                            // Create the final bytes as a concatenation of the random salt bytes, the random IV bytes and the cipher bytes.
                            var cipherTextBytes = saltStringBytes;
                            cipherTextBytes = cipherTextBytes.Concat(ivStringBytes).ToArray();
                            cipherTextBytes = cipherTextBytes.Concat(memoryStream.ToArray()).ToArray();
                            memoryStream.Close();
                            cryptoStream.Close();
                            return Convert.ToBase64String(cipherTextBytes);
                        }
                    }
                }
            }
        }
    }

    private static byte[] Generate128BitsOfRandomEntropy()
    {
        var randomBytes = new byte[16]; // 16 bytes gives us 128 bits.
        using (var rngCsp = new RNGCryptoServiceProvider())
        {
            // Fill the array with cryptographically secure random bytes.
            rngCsp.GetBytes(randomBytes);
        }
        return randomBytes;
    }
}
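
To check a pos_credential locally before sending it, the inverse of the Encrypt method above can be used. This is an added example, not code from the original page or from Triquestra; the class name PosCredentialCheck and the Decrypt signature are assumptions. It uses Aes.Create() (Rijndael with a 128-bit block) and names SHA-1 explicitly, which is the default of the three-argument Rfc2898DeriveBytes constructor used above.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Text;

// Hypothetical helper (not part of the POS Users API): reverses Encrypt so an
// integrator can confirm the credential layout Base64(salt || IV || cipher text).
public static class PosCredentialCheck
{
    private const int SaltSize = 16;  // 128-bit salt, as produced by Encrypt
    private const int IvSize = 16;    // 128-bit IV, as produced by Encrypt
    private const int BlockSize = 16; // AES / Rijndael-128 block size in bytes

    public static string Decrypt(string posCredential, string passPhrase)
    {
        byte[] all = Convert.FromBase64String(posCredential);
        int cipherLength = all.Length - SaltSize - IvSize;

        // PKCS7 always adds padding, so there is at least one full cipher block
        // and the cipher text length is a multiple of the block size.
        if (cipherLength < BlockSize || cipherLength % BlockSize != 0)
            throw new FormatException("pos_credential is not salt + IV + whole cipher blocks.");

        var salt = new byte[SaltSize];
        var iv = new byte[IvSize];
        Buffer.BlockCopy(all, 0, salt, 0, SaltSize);
        Buffer.BlockCopy(all, SaltSize, iv, 0, IvSize);

        // Same key derivation as Encrypt: PBKDF2 (HMAC-SHA1), 1000 iterations, 128-bit key.
        using (var kdf = new Rfc2898DeriveBytes(passPhrase, salt, 1000, HashAlgorithmName.SHA1))
        using (var aes = Aes.Create())
        {
            aes.Mode = CipherMode.CBC;
            aes.Padding = PaddingMode.PKCS7;
            aes.Key = kdf.GetBytes(128 / 8);
            aes.IV = iv;

            // A wrong pass phrase normally surfaces here as a CryptographicException
            // (invalid padding) rather than as readable JSON.
            using (var decryptor = aes.CreateDecryptor())
            using (var cipherStream = new MemoryStream(all, SaltSize + IvSize, cipherLength))
            using (var cryptoStream = new CryptoStream(cipherStream, decryptor, CryptoStreamMode.Read))
            using (var reader = new StreamReader(cryptoStream, Encoding.UTF8))
            {
                return reader.ReadToEnd();
            }
        }
    }
}
```

Passing the output of Encrypt and the same pass phrase to Decrypt should return the original JSON string unchanged.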

 

Create new POS users:

POST /pos_users/users

[
  {
    "login_name": "123456",
    "user_name": "John Smith",
    "user_group": "team_members",
    "date_of_birth": "1990-01-25",
    "pos_password": "uweda324%$qsw"
  },
  {
    "login_name": "123457",
    "user_name": "Jane Smith",
    "user_group": "team_leaders",
    "date_of_birth": "1991-04-13",
    "pos_password": "uwe76564%$ghf"
  }
]

 

Modify a POS user:

PUT /pos_users/users/123456

{
  "user_name": "John Snow",
  "user_group_id": 6,
  "date_of_birth": "1985-11-25",
  "primary_site_code": 32,
  "alternative_site_codes": [11, 950],
  "pos_password": "uweda324%$qsw"
}

 

Delete a POS user:

DELETE /pos_users/users/123456

 

Retrieve an existing POS user:

GET /pos_users/users/123456

 

Retrieve a list of POS users:

POST /pos_users/users/search

{
  "user_name": null,
  "user_group_id": null,
  "date_of_birth": null,
  "primary_site_code": null,
  "alternative_site_codes": null
}

 

Retrieve a list of POS user groups:

GET /pos_users/user_groups

Security Risk Profile

Financial Data 0: tax rates can be read.

Personal Data 0: no personal data is exposed.

Business Data 0: no business data is exposed.