Web Service Authentication
Spectrum OnDemand web services require authentication with valid user credentials. There are two methods for authenticating: Basic authentication and authentication by token.
Basic authentication
With Basic authentication, the user ID and password are passed to Spectrum OnDemand in the HTTP header of each request to the web service. Basic authentication is allowed by default, but your administrator may choose to disable it. If Basic authentication is disabled, you must use token authentication to access web services.
Authentication by token
With token authentication, the requester obtains a token from the Spectrum OnDemand server, then uses it when sending a request to the web service. Instead of sending user credentials in each request, the token is sent to the server and the server determines whether the token is valid.
The diagram below illustrates the process:
- Obtain a token from the Spectrum OnDemand server by sending a request to the token manager service.
- The token manager service issues a token. If you requested a session token, it also issues a session ID.
- Send a request to the desired web service with the token in the HTTP header. For session tokens, include the session ID in the HTTP header.
- The web service issues a response. You can use the token to make additional web service requests to either the same web service or any other web service on the Spectrum OnDemand server. There is no limit to the number of web service requests you can make with a token, but if the token has an expiration limit (also known as a time-to-live), it becomes invalid after the time-to-live has elapsed. If the token is a session token, it becomes invalid after 30 minutes of inactivity.
- When the token is no longer needed, you should log out by sending a request to the token logout web service. This removes the token from the list of valid tokens on the Spectrum OnDemand server.
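The validity rules in the steps above can be modeled in a few lines. This is an added example, not Spectrum OnDemand code: the `TokenManager` class and its method names are hypothetical, and it assumes that the time-to-live is optional and that each accepted request resets the session inactivity clock.

```python
import hmac
import secrets

SESSION_IDLE_LIMIT = 30 * 60  # seconds; the 30-minute inactivity limit described above


class TokenManager:
    """Toy in-memory model of the token lifecycle (hypothetical names)."""

    def __init__(self):
        self._valid = {}  # token -> record; stands in for the server's list of valid tokens

    def issue(self, now, session=False, ttl_seconds=None):
        """Issue a token; session tokens also get a session ID."""
        token = secrets.token_urlsafe(32)
        session_id = secrets.token_urlsafe(16) if session else None
        self._valid[token] = {
            "session_id": session_id,
            "expires_at": None if ttl_seconds is None else now + ttl_seconds,
            "last_used": now,
        }
        return token, session_id

    def check(self, token, now, session_id=None):
        """Decide whether a request carrying this token is accepted."""
        rec = self._valid.get(token)
        if rec is None:
            return False  # never issued, already expired, or logged out
        if rec["expires_at"] is not None and now >= rec["expires_at"]:
            del self._valid[token]  # time-to-live has elapsed
            return False
        if rec["session_id"] is not None:
            if now - rec["last_used"] > SESSION_IDLE_LIMIT:
                del self._valid[token]  # session token idle for too long
                return False
            # A session token is only accepted together with its session ID.
            if session_id is None or not hmac.compare_digest(session_id, rec["session_id"]):
                return False
        rec["last_used"] = now  # assumption: an accepted request counts as activity
        return True

    def logout(self, token):
        """Remove the token from the valid list; True if it was present."""
        return self._valid.pop(token, None) is not None
```

A client that skips the logout step leaves a token without a time-to-live valid indefinitely in this model, which is why the final step matters for tokens that may have been copied or logged.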