design. develop. deploy.

How to generate a Web or Remote Application Access Token?

The following process describes how to get an access token for development environment for either a Web Application (one that runs on the device panel using the Web Browser NX application) or a Remote Application (one that runs on a host external to the Ricoh device). Be sure you know which one you are developing before reading further.
 
This FAQ intended to augment the details published in the development kit documentation at Common Information > Development Guide > WebAPI Guide > 02. Application Form of Using WebAPI. If the information provided here differs from the published documentation the published documentation shall be considered correct.
 
Example commands assume you have a supported version of a JDK installed on any platform such that you can run Java from the command line. We recommend Java 8 Corretto. It is not recommended to use Java earlier than Java 7, or later than Java 9. How to run Java from the command line is not covered in this document.

Step 1: Determine the type of token and reserve a Product ID

The application we are generating a token for can be one of two types: Web Application, Remote Application. The tokens come in three flavours: Development, Production, Beta. Every application needs a Product ID, a unique identifier reserved by an organization and tracked by RiDP.

Application Type

Specify which of the application types we should generate a token for:

  1. Web Application (an application deployed to a device and run via Web Browser NX)
  2. Remote Application (an application deployed to an external host)

Deployment Type

Specify if a token is to be generated for either Development or Production use. Development tokens can be used for app deployment to up to 20 devices, identified by device serial number. Production tokens are unrestricted, except for having an expiry date. RiDP can also provide Beta tokens, which are otherwise the same as production tokens, only with a 60-day expiry.

Production tokens require that the application passes a round compatibility testing before they can be issued.

Reserve a Product ID

A Product ID can be determined in one of two ways:

  1. By fetching an existing Remote Product ID or
  2. By issuing a new Product ID Request for either a Remote or Web Browser NX SmartSDK Application Type.

Please note: Product IDs are tied to the application type. When reserving or re-using Product IDs those created for Web Applications can only be used to make Web Application tokens, and it is the same for Remote Application Product IDs.

Step 2: Create a key pair

First, create a key pair (public and private keys). An easy way to do this is to leverage the material in AccessTokenSampleApp.zip or AccessTokenSampleApp2.zip (located in the Ricoh SmartSDK resource CD in the sample folder), running the following command:
 
java -jar AccessTokenSampleApp.jar -k

Please note: never share the private key generated with this command with any third-party, including RiDP. If anyone at Ricoh requests key information, Ricoh will only ever request the public key.

Step 3: Collect application information and provide it to RiDP

Once you have successfully created these keys, create an RiDP incident with the following information ("*" means this value is required; "×" means this value may be required depending on the token type):
  • Product ID*
    • The Product ID reserved earlier.
  • Vendor Name*
    • Company or organization name as a UTF-8 string of 128 character or less.
    • This does not have to match the same organization name as the one registered with RiDP.
  • Application Type*
    • The type of application.
    • Specify one of “Web Application” (an application that runs on the device via Web Browser NX) or “Remote Application" (an application that is served from a host external to the Ricoh device).
  • Public Key*
    • The 2048-bit RSA public key, BASE64 encoded (PEM) data from the keypair created earlier.
    • You may attach the public key file in PEM format, or provide the PEM data from the file as text.
  • Expiration Date
    • Expiration date of application.
    • Please specify the date in yyyyMMdd format. e.g., "20351112" for November 12, 2035.
    • If not provided a date will be provided based on the token type:
      • Development: 1 year from the current date, plus 1 month
      • Beta: 60 days from the the current date
      • Production 2 years from the current date, plus 1 month
    • RiDP may adjust this at our discretion.
  • Device Serial Number×
    • Required for a Development token request only. Not required for Production or Beta tokens and will be ignored.
    • The serial number(s) of the application development device(s) as displayed in WIM. At least one must be provided.
    • If supporting more than one development device is required, the serial numbers should be provided using multiple Device Serial Number lines.
    • Up to 20 serial numbers can be specified.
  • Application/Product Name×
    • Required for "Web Application" types only.
    • This is the "title" when presenting your app in the browser.
    • The name of Web application as a UTF-8 string.
    • Can contain whitespace.
    • Must be 128 characters or less.
  • URL Location×
    • Required for "Web Application" types only.
    • This is the path component of the application URL with a leading and trailing slash.
    • e.g.: for URL such as "http(s)://[domain name]:[port number]/app/path/" this would be "/app/path/".
    • The location may end with an "*" to indicate that all subpaths under this URL are accepted by the web application.
    • This value should only contain plaintext ASCII characters and must be 128 characters or less.
    • Refrain from using whitespace in the location.
  • Function
    • Optional for "Web Application" types only.
    • Specifies the function(s) the Web application uses as comma-separated values.
    • Provide one or more of the following, separated by commas: scan, printer, copy, fax, auth
    • All functions become available if this parameter is not specified.
  • Target SmartSDK Version
    • The SmartSDK version for development.
    • This is a legacy value that can almost always be omitted for best device compatibility.
    • Defaults to v1.02.

Step 4: Use the resulting token files

Once we have this application and public key information we can create a certificate and token for your application, and provide a zipfile that will contain a key.cer and a token.txt file. You can then use the following command to decrypt the token.txt file and create the access token:
 
java -jar AccessTokenSampleApp.jar -f key.cer token.txt

If successful, this will create token.cer file. This is the access token that can be used in your web or remote application.

Lastly, integrate your access token (generated file from last command) into your web or remote application as described in the development kit documentation. See: Web Browser NX > Development Guide > Design > 14. Embedding Access Token

FAQ Subject
SmartSDK
Faq Category
Application Signing

Main Menu