CASE STUDY

Cyrious Control API with Basic Auth, OAuth & ADFS

Unlocked programmatic access to Control data, enabling a new generation of integrations

Platform: Cyrious Control (Print MIS)

Technology: REST API, Basic Authentication, OAuth 2.0, ADFS, .NET Core / C#

OVERVIEW

Cyrious Control is a powerful print management information system, but its data was largely locked inside, only accessible to operators through its own interface and not easily reachable by external applications, automation scripts, or web tools. Building an API layer was key to enabling a range of downstream projects.

THE CHALLENGE

The API needed to support multiple authentication patterns to serve different consumers: simple Basic Auth for limited, but trusted, connections, OAuth 2.0 for web application flows, and ADFS integration through OpenID (OIDC) so that company employees could authenticate with their existing Windows credentials. Each authentication path had different security requirements and token lifecycles.

THE SOLUTION

A REST API was designed and built to expose only the function-specific Control data and operations needed: orders, customers, jobs, pricing, and status updates. The API was structured around clear resource endpoints serving specific applications. Basic authentication was implemented first as a baseline, validating credentials against a service account for services that required it, and was then limited to specific endpoints. OAuth 2.0 was added to support the authorization code flow for web clients and more modern services, with refresh token handling and appropriate scope definitions. ADFS integration was then layered in, allowing users to authenticate via the corporate identity provider and receive tokens that the API would validate against ADFS claims. Token introspection and user claim mapping ensured that authorization decisions were consistent across all three auth paths. Logging was built in from the start.

RESULTS

What it delivered

REFLECTION

Building auth right from the beginning, rather than retrofitting it, made every subsequent project that consumed this API significantly easier to build and more secure. The decision to invest in ADFS integration early paid off in every web-facing tool built on top of it.

Have a similar project in mind?

Let’s talk about what you’re trying to build.