4. Getting started

4.1. 3rd-party authorization and authentication

The SmartBL platform uses OAuth for authentication. Each application is issued a custom client_id and client_secret, which it then uses to identify itself to the SmartBL application and to authorize users.


Please keep these credentials safe. If the credentials are compromised, an attacker may be able to retrieve documents and to change and add users, and CargoX might not be able to detect or influence this.

The attacker, however, won't be able to change the document ownership, as this requires a blockchain key.

Users are identified based on their private keys and/or username and password. The basic workflow (for registered users) is defined below.


Certain calls still require a signature with a private key no matter how the user logged in – for example, transferring a document requires signing a challenge. Please bear in mind that not all users will require private keys – for example, if the user is only viewing documents, no private key is necessary.
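
The split described above, as an added illustration that is not taken from CargoX or the SmartBL API: application credentials alone allow reads, while a transfer also needs the owner's signature over a fresh, single-use challenge. Every function name and return string is hypothetical, and Ed25519 is an assumed stand-in for the user's key, since the page does not name an algorithm.

```javascript
const crypto = require('node:crypto');

// Toy in-memory model, NOT the SmartBL API: all names are hypothetical and
// Ed25519 is an assumed stand-in for the user's blockchain key.
const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

function makeServer(clientSecret, ownerPublicKey) {
  const pending = new Set();              // challenges issued, not yet consumed
  const doc = { owner: ownerPublicKey };  // one document and its current owner
  const appOk = (s) => crypto.timingSafeEqual(sha256(s), sha256(clientSecret));
  return {
    // Viewing needs only the application credential.
    view: (secret) => (appOk(secret) ? 'ok' : 'denied'),
    // A fresh random challenge is issued for every transfer attempt.
    issueChallenge(secret) {
      if (!appOk(secret)) return null;
      const challenge = crypto.randomBytes(32).toString('hex');
      pending.add(challenge);
      return challenge;
    },
    // Transfer needs the application credential AND the owner's signature.
    transfer(secret, challenge, signature, newOwner) {
      if (!appOk(secret)) return 'denied';
      if (!pending.delete(challenge)) return 'stale challenge'; // single use
      const ok = crypto.verify(null, Buffer.from(challenge), doc.owner, signature);
      if (!ok) return 'bad signature';
      doc.owner = newOwner;
      return 'transferred';
    },
  };
}

function demo() {
  const [owner, buyer, attacker] = [0, 1, 2].map(() => crypto.generateKeyPairSync('ed25519'));
  const secret = 'constructed-client-secret'; // constructed sample value
  const server = makeServer(secret, owner.publicKey);
  const sign = (c, key) => crypto.sign(null, Buffer.from(c), key.privateKey);
  // Leaked client_secret without the owner's private key: reads work, transfer fails.
  const c1 = server.issueChallenge(secret);
  const stolen = [server.view(secret), server.transfer(secret, c1, sign(c1, attacker), attacker.publicKey)];
  // The owner signs a fresh challenge; replaying the same pair afterwards fails.
  const c2 = server.issueChallenge(secret);
  const sig = sign(c2, owner);
  const legit = server.transfer(secret, c2, sig, buyer.publicKey);
  const replay = server.transfer(secret, c2, sig, attacker.publicKey);
  return { stolen, legit, replay };
}

console.log(demo());
```

In this model, consuming the challenge before verifying the signature means a failed attempt cannot be retried against the same challenge.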