Below is a list of what we need to integrate your authentication service with Pugpig, and we also have a general overview of how authentication works in Bolt.

This work is typically undertaken by Pugpig as part of a project, or under your support agreement. Post-launch maintenance of non-productised auth integrations is carried out under support, or is covered by your Enterprise agreement if you have one.

Before integration work can begin we need:

• Confirmation if you are using a web based authentication OAuth/PKCE flow for the sign step (which we strongly recommend) instead of a direct API call, you will also need to read and understand this document:

  https://docs.pugpig.com/en_US/360013591298-Web-based-authentication-integrations-in-Pugpig-apps-using-PKCE

• An HTTPS API that can be accessed from our Distribution platform. At a minimum we need:

  • if NOT using a PKCE flow the ability to send user credentials to the API (usually username/email and password as well as a unique device ID), with the API responding returning yes, no or more information about their entitlements. Ideally the login call returns a token, which can be used for subsequent calls to the API. This is called when a user signs into the app.
  • an entitlements endpoint that takes the user token and returns information about the users entitlements. This is called every time a user opens the app.
• High level documentation explaining the API. For example, explain if the system is access based (an active user gets all content) or issue/time based (an active user only gets a limited set of editions).
• Access to a working endpoint - this can be a staging or production endpoint. Production is safe as the integration only makes read only calls. It doesn't write or change any data
• An example of every kind of user you have (active/lapsed/blacklisted/print only/etc/etc)
• Any business rules explaining how we should interpret the responses, although hopefully most of this is handled by the origin subscription system
• Sessions times should be infinite, or otherwise very long, so that users do not get logged out
• If the endpoint is restricted by IP address, and Kaldor are doing the integration on the Clouds Distribution Platform, you'll need to open access to our IP addresses: https://docs.pugpig.com/urls-domains-and-linking/208008576-Distribution-Overview-Pugpig-IP-ranges