Revision History
Date | Version | Changes |
---|---|---|
2014-09-17 | 1.01 | Error in service URL in table corrected and logout information added. |
2014-06-12 | 1.0 | Created |
We are switching most of our services over to a different authentication API, please see Authentication Service (for selected services)
All services requires the client to include a token, acquired from the authentication service, in the header of the request. The token will be valid for a limited period of time, but valid for all requests during that time interval.
Login
To authenticate with resources exposed by the API, it is required to sign in with the login service.
The authentication process So this is done in two steps.:
Authenticate a user and acquire a token called Ticket Granting Ticket (TGT).
Call resource in context with the TGT (re-usable as long as TGT is valid).
In a simplified way the process can be shown as follows
...
Login
To authenticate with resources exposed by the API, it is required to sign in with the login service. This service is called to retrieve a valid TGT token.
URL |
| ||
---|---|---|---|
Method | POST | ||
Request | username | Required | Username for whom to sign in as. |
password | Required | Password for whom to sign in as. | |
Response |
Location
Boknett-TGT | TGT returned from login service | ||
Returns | 201 | Created | |
400 | Bad Request | ||
405 | Method Not Allowed |
Sample usage
Remember that curl does not automatically urlencode -d input data, so if you password has any special characters you nede to manually urlencode it first.
Code Block | ||
---|---|---|
| ||
curl -i -d "username=USERNAME&password=PASSWORD" https://login.boknett.no/v1/tickets
HTTP/1.1 201 Created
Date: Tue, 10 Jun 2014 16:23:42 GMT
Server: Noelios-Restlet-Engine/1.1..1
Location: https://login.boknett.no/v1/tickets/TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
Accept-Ranges: bytes
Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
Content-Length: 0
Via: 1.1 login.boknett.no |
Logout
For security reasons it is recommended (although not required) to logout when finished using the TGT. This is not necessary for TGTs that are expired.
URL | https://login.boknett.no/v1/tickets/{TGT} | ||
Method | DELETE | ||
Returns | 200 | OK | |
400 | Bad Request | ||
405 | Method Not Allowed |
Sample usage
Code Block | ||
---|---|---|
| ||
curl -X "DELETE" -i https://login.boknett.no/v1/tickets/TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no HTTP/1.1 200 OK Date: Tue, 10 Jun 2014 17:21:12 GMT Server: Noelios-Restlet-Engine/1.1..1 Accept-Ranges: bytes Content-Length: 0 Via: 1.1 login.boknett.no |
Restrictions
Restriction | Current value |
---|---|
Maximum age of Authorization token (TGT) | 2 hours |
Test environment
https://login.boknett.webbe.no/v1/tickets/