Web Service Authentication
Spectrum™ Technology Platform web services require requesters to authenticate with valid user credentials. There are two methods for authenticating: Basic authentication and token-based authentication.
Basic Authentication
With Basic authentication, the user ID and password are passed to Spectrum™ Technology Platform in the HTTP header of each request to the web service. Basic authentication is allowed by default, but your administrator may choose to disable it. If Basic authentication is disabled, you must use token-based authentication to access web services.
Token-Based Authentication
With token-based authentication, the requester obtains a token from the Spectrum™ Technology Platform server, then uses the token when sending a request to the web service. Instead of sending user credentials in each request, the requester sends the token, and the server determines whether the token is valid.
The following diagram illustrates the process:
- Obtain a token from the Spectrum™ Technology Platform server by sending a request to the token manager service.
- The token manager service issues a token. If you requested a session token, it also issues a session ID.
- Send a request to the desired web service with the token in the HTTP header. For session tokens, include the session ID in the HTTP header.
- The web service issues a response. You can use the token to make additional web service requests to either the same web service or any other web service on the Spectrum™ Technology Platform server. There is no limit to the number of web service requests you can make with a token, but if the token has an expiration limit (also known as a time-to-live), it becomes invalid after the time-to-live has elapsed. If the token is a session token, it becomes invalid after 30 minutes of inactivity.
- When the token is no longer needed, you should log out by sending a request to the token logout web service. This removes the token from the list of valid tokens on the Spectrum™ Technology Platform server.
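The validity rules in the steps above (time-to-live, the 30-minute inactivity limit for session tokens, and removal at logout) can be modeled in a few lines. This is an added example, not Spectrum™ Technology Platform code. The class name, the token format, the seconds-based `ttl` parameter, and the choice to restart the inactivity window on each accepted request are assumptions made for illustration.

```python
import secrets
import time

SESSION_IDLE_LIMIT = 30 * 60  # seconds: the 30 minutes of inactivity stated above


class TokenManager:
    """Illustrative model of the token lifecycle; not Spectrum's implementation."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock   # injectable so expiry can be tested without waiting
        self._valid = {}      # token -> record: the server's list of valid tokens

    def issue(self, user, ttl=None, session=False):
        """Issue a token; a session token also gets a session ID."""
        token = secrets.token_urlsafe(32)  # assumed format: opaque random string
        session_id = secrets.token_urlsafe(16) if session else None
        now = self._clock()
        self._valid[token] = {
            "user": user,
            "expires": None if ttl is None else now + ttl,  # ttl in seconds
            "session_id": session_id,
            "last_used": now,
        }
        return token, session_id

    def validate(self, token, session_id=None):
        """Return the user for a valid token, or None if the request is rejected."""
        rec = self._valid.get(token)
        if rec is None:
            return None  # never issued, already expired, or logged out
        now = self._clock()
        expired = rec["expires"] is not None and now >= rec["expires"]
        idle = (rec["session_id"] is not None
                and now - rec["last_used"] >= SESSION_IDLE_LIMIT)
        if expired or idle:
            del self._valid[token]  # drop it so it can never be accepted again
            return None
        if rec["session_id"] is not None:
            # Session tokens are only accepted together with their session ID.
            supplied = (session_id or "").encode()
            if not secrets.compare_digest(rec["session_id"].encode(), supplied):
                return None
            rec["last_used"] = now  # an accepted request restarts the idle window
        return rec["user"]

    def logout(self, token):
        """Remove the token from the valid list; True if it was present."""
        return self._valid.pop(token, None) is not None
```

A token without a time-to-live that is never logged out stays valid indefinitely in this model, which is why the final logout step matters.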