ChangelogGuidesRecipesAPI ReferenceBlogYoutube
Guides
START FREE TRIALSCHEDULE A DEMO
Start typing to search…

Tecnavia

The Pelcro–Tecnavia integration enables single sign-on (SSO) from Tecnavia e-Edition properties to Pelcro-managed subscriber accounts using a token-based (JWT) workflow. Tecnavia makes a server-to-server POST to Pelcro; Pelcro validates the token, enforces site access, and returns an XML result Tecnavia expects (e.g., <LOGIN>...). This aligns with Tecnavia “Option 3 – API / 3rd party login” (server-to-server verification with XML replies).

When to Use

Use this integration if you:

  • Want real-time auth against Pelcro (no CSV/file uploads).
  • Already manage subscribers in Pelcro and need Tecnavia to defer to Pelcro for access decisions.
  • Prefer a token (JWT) flow over Tecnavia’s legacy username/password+MD5 variant (Pelcro implements the token form; no MD5 password exchange is required).

Endpoint

POST /v1/core/authenticate/tecnavia

Purpose: Validate a Tecnavia-provided token, check site-level permissions, and return an XML <LOGIN> response.

Request

Parameters

NameRequiredTypeNotes
tokenYesStringJWT to be validated by Pelcro. Encodes/identifies the Pelcro user.
site_idNoStringIf present, auth is validated against this Pelcro site; otherwise Pelcro uses the user’s first associated customer site.

Transport: Server-to-server POST from Tecnavia to Pelcro. (This mirrors Tecnavia Option 3’s server-to-server verification model.)

Example (form-encoded)

curl -X POST https://api.pelcro.com/v1/core/authenticate/tecnavia \
  -H 'Content-Type: application/x-www-form-urlencoded' \
  --data-urlencode 'token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9...' \
  --data-urlencode 'site_id=1234'

Processing (Pelcro Core)

  1. Token validation (JWT)

    • Verify the JWT via JWTAuth.
    • Extract Pelcro user_id; fetch the user.

  2. Site access control

    • If site_id given: verify user has access to that site.
    • If omitted: default to the user’s first associated customer site.
    • Enforce permissions via Laravel Gate (API read access).

  3. Response generation (XML)

    • Return <LOGIN> XML reflecting auth outcome and, if successful, user info.
    • Appropriate HTTP status codes on error.

Response (XML)

Pelcro returns XML in the structure Tecnavia’s Option 3 expects (server-to-server “LOGIN” verification).

Success

<?xml version="1.0"?>
<LOGIN>
  <TOKEN>REQUEST_TOKEN_ECHOED_OR_SESSION_TOKEN</TOKEN>
  <UNIQUE_USER_ID>pelcro_user_id</UNIQUE_USER_ID>
  <EMAIL>[email protected]</EMAIL>
  <USERNAME>John Doe</USERNAME>
  <IS_LOGGED>Yes</IS_LOGGED>
  <FOD>1111100</FOD>
</LOGIN>
  • TOKEN: Echo of the incoming token or session identifier expected by Tecnavia.
  • UNIQUE_USER_ID: Stable Pelcro user identifier (mapped to Tecnavia’s UNIQUE_USER_ID).
  • EMAIL, USERNAME: Optional display fields for Tecnavia UI.
  • IS_LOGGED: Yes / No / 2Many (too many concurrent logins per Tecnavia spec).
  • FOD: 7-char binary string (Sun→Sat). 1 = delivery; 0 = no delivery. Example: 1111100 = Sun–Thu delivery.

Failure

<?xml version="1.0"?>
<LOGIN>
  <TOKEN></TOKEN>
  <UNIQUE_USER_ID></UNIQUE_USER_ID>
  <IS_LOGGED>No</IS_LOGGED>
</LOGIN>

This mirrors Tecnavia’s “invalid/expired token” example.

HTTP Status Codes

CodeMeaningTypical Cause
200OKToken valid; XML <LOGIN> with IS_LOGGED=Yes.
400Bad RequestMissing token.
401UnauthorizedInvalid/expired JWT.
403ForbiddenUser lacks access to site_id (or no eligible site).
404Not FoundUser referenced by token not found.
500Server ErrorUnhandled error during verification.

Field Mapping (Pelcro → Tecnavia)

Tecnavia XML FieldPelcro SourceNotes
TOKENRequest token (echo) or Pelcro session tokenEcho recommended per Tecnavia flow.
UNIQUE_USER_IDPelcro user IDStable identifier Tecnavia will reference.
EMAILPelcro user emailOptional but useful for Tecnavia UI.
USERNAMEPelcro name / usernameOptional.
IS_LOGGEDResult flagYes/No/2Many (per Tecnavia).
FODDerived from subscription7-bit schedule string Sun→Sat.

Security Notes

  • JWT validation: Standard signature/expiry checks.
  • Authorization: Site-scoped via Laravel Gate before granting access.
  • No password exchange: Pelcro does not implement Tecnavia’s MD5+seed password variant; use the token (JWT) approach of Option 3.

Tecnavia Context & Compatibility

  • Option 3 – API / 3rd party login: Tecnavia initiates a server-to-server POST and expects an XML <LOGIN> reply with fields shown above (examples and DTD in Tecnavia docs).
  • Option 2 – File transfer: CSV/TXT batch provisioning is not part of this Pelcro integration (Pelcro focuses on real-time auth).
  • Redelivery tokens: Tecnavia supports “redelivery” date-scoped tokens. Out of scope for Pelcro’s endpoint, but compatible as long as Tecnavia still calls the Pelcro auth endpoint to validate access.

Example: Minimal Integration (Tecnavia → Pelcro)

  1. User signs in on publisher site (Pelcro manages identity).
  2. Tecnavia requests: POST /v1/core/authenticate/tecnavia with token (JWT) and optional site_id.
  3. Pelcro responds with <LOGIN> XML.
  4. Tecnavia grants/denies e-Edition based on IS_LOGGED and optional FOD/user fields.

Changelog

  • v1.0 — Initial publication: JWT-based Option-3 compatibility, XML <LOGIN> responses, site-scoped authorization.

Updated 7 days ago