Web Service Authentication
Spectrum™ Technology Platform web services require requesters to authenticate with valid user
credentials. There are two methods for authenticating: Basic authentication and
With Basic authentication, the user ID and password are passed to Spectrum™ Technology Platform in the HTTP header of each request to the web service. Basic
authentication is allowed by default, but your administrator may choose to disable
it. If Basic authentication is disabled, you must use token-based
authentication to access web services.
With token-based authentication, the requester obtains a token from the Spectrum™ Technology Platform server, then uses the token when sending a request to the web
service. Instead of sending user credentials in each request, the token is sent to
the server and the server determines if the token is valid.
The following diagram
illustrates the process:
- Obtain a token from the Spectrum™ Technology Platform server by sending a
request to the token manager service.
- The token manager service issues a token. If you requested a session token, it
also issues a session ID.
- Send a request to the desired web service with the token in the HTTP header. For
session tokens, include the session ID in the HTTP header.
- The web service issues a response. You can use the token to make additional web
service requests to either the same web service or any other web service on the
Spectrum™ Technology Platform server. There is no limit to the number of web
service requests you can make with a token, but if the token has an expiration
limit (also known as a time-to-live) it will become invalid after the
time-to-live has elapsed. If the token is a session token, it will become
invalid after 30 minutes of inactivity.
- When the token is no longer needed, log out by sending a request to
the token logout web service. This removes the token from the list of valid
tokens on the Spectrum™ Technology Platform server.
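
The token validity rules in the steps above (time-to-live expiry, the 30-minute inactivity limit for session tokens, and logout) can be modelled as follows. This is an added illustration, not Spectrum™ Technology Platform code: the class and method names are hypothetical, and rejecting a session token whose session ID is missing or wrong is an assumption.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional

SESSION_IDLE_SECONDS = 30 * 60  # page: session tokens lapse after 30 minutes of inactivity


@dataclass
class TokenRecord:
    user: str
    expires_at: Optional[float]  # absolute time-to-live deadline; None = no expiration limit
    session_id: Optional[str]    # set only for session tokens
    last_used: float


class TokenManagerModel:
    """Illustrative in-memory model of the valid-token list (hypothetical, not product code)."""

    def __init__(self):
        self._valid = {}  # token -> TokenRecord

    def issue(self, user, now, ttl_minutes=None, session=False):
        token = secrets.token_urlsafe(32)
        session_id = secrets.token_urlsafe(16) if session else None
        expires_at = now + ttl_minutes * 60 if ttl_minutes is not None else None
        self._valid[token] = TokenRecord(user, expires_at, session_id, now)
        return token, session_id

    def validate(self, token, now, session_id=None):
        rec = self._valid.get(token)
        if rec is None:
            return False  # never issued, already expired, or logged out
        if rec.expires_at is not None and now >= rec.expires_at:
            del self._valid[token]  # time-to-live has elapsed
            return False
        if rec.session_id is not None:
            # Assumption: a session token without its matching session ID is rejected.
            if session_id is None or not hmac.compare_digest(rec.session_id, session_id):
                return False
            if now - rec.last_used > SESSION_IDLE_SECONDS:
                del self._valid[token]  # inactivity limit exceeded
                return False
        rec.last_used = now  # every accepted request restarts the inactivity window
        return True

    def logout(self, token):
        # Removing the token from the valid list makes every later request with it fail.
        return self._valid.pop(token, None) is not None
```

Times are passed in as seconds so the expiry behaviour can be exercised without waiting; a client that holds a token past either limit has to request a new one.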