Getting a Token
To get a token, send a request to the TokenManagerService web service on the Spectrum OnDemand server. You can access the TokenManagerService WSDL here:
http://server:port/security/TokenManagerService?wsdl
This web service uses Basic authentication so you must include a valid Spectrum OnDemand user name and password in the request.
The TokenManagerService web service can issue two types of tokens. The token types are:
- Session token
- Open token
Getting a Session Token
A session token is tied to a user session and can only be used by the computer that requested the token. Since it is tied to a session, the token will become invalid if the session is inactive for 30 minutes. A session token is the most secure type of token and is the recommended token type to use to authenticate to Spectrum OnDemand.
TokenManagerService has two SOAP operations for getting a session token.
Operation | Description |
---|---|
getAccessExpiringToken |
Use this operation if you want to specify an expiration time for the token. Here is a sample request:
The element <tokenLifeInMinutes> specifies the number of minutes until the token expires, also known as the token time-to-live. In this example the token will expire in 60 minutes. Here is a sample response:
|
getAccessSessionToken |
Use this operation if you want to get a token that will not expire. Note that the token will still become invalid if the session is inactive for 30 minutes, even if the token has not expired. Here is a sample request:
Here is a sample response:
|
The response contains these elements:
- token
- The security token.
- session
- The session ID of the session that the token is tied to. The token will only be accepted if this session ID is included in the request. If running with a JavaScript application, you must include a withCredentials: true web request header to ensure the session ID is passed back and forth on all requests.
- username
- The Spectrum OnDemand user name used to obtain the token. The user name is returned for informational purposes only and is not needed when you use the token.
Getting an Open Token
An open token is not tied to either a user or a specific computer. It is the least-secure token type.
TokenManagerService has one SOAP operation for getting an open token.
Operation | Description |
---|---|
getAccessToken |
Use this operation to get an open token. Here is a sample request:
Here is a sample response:
|
The response contains these elements:
- token
- The security token.
- username
- The Spectrum OnDemand user name used to obtain the token. The user name is returned for informational purposes only and is not needed when you use the token.