We are switching most of our services over to a different authentication API; please see Authentication Service (for selected services).
All services require the client to include a token, acquired from the login service, in the header of the request. The token is valid for a limited period of time and can be used for all requests during that interval.
Authentication process
To authenticate with resources exposed by the API, it is required to sign in with the login service.
The authentication process is done in two steps:
1. Authenticate a user and acquire a token called a Ticket Granting Ticket (TGT).
2. Call the resource in context with the TGT (re-usable as long as the TGT is valid).
...
In a simplified way the process can be shown as follows
...
Login
To authenticate with resources exposed by the API, it is required to sign in with the login service. This service is called to retrieve a valid TGT token.
| URL | | | |
|---|---|---|---|
| Method | POST | | |
| Request | username | Required | Username for whom to sign in as. |
| | password | Required | Password for whom to sign in as. |
| Response | Location | | |
| | Boknett-TGT | TGT returned from login service | |
| Returns | 201 | Created | |
| | 400 | Bad Request | |
| | 405 | Method Not Allowed | |
Sample usage
Remember that curl does not automatically URL-encode -d input data, so if your password has any special characters you need to manually URL-encode it first.
```
curl -i -d "username=USERNAME&password=PASSWORD" https://login.boknett.no/v1/tickets

HTTP/1.1 201 Created
Date: Tue, 10 Jun 2014 16:23:42 GMT
Server: Noelios-Restlet-Engine/1.1..1
Location:.1
Accept-Ranges: bytes
Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
Content-Length: 0
Via: 1.1 login.boknett.no
```
Logout
For security reasons it is recommended (although not required) to log out when finished using the TGT. This is not necessary for TGTs that are expired.
| URL | https://login.boknett.no/v1/tickets/{TGT} | |
|---|---|---|
| Method | DELETE | |
| Returns | 200 | OK |
| | 400 | Bad Request |
| | 405 | Method Not Allowed |
Sample usage
```
curl -X "DELETE" -i https://login.boknett.no/v1/tickets/TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no

Accept-Ranges: bytes
Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 17:21:12 GMT
Server: Noelios-Restlet-Engine/1.1..1
Accept-Ranges: bytes
Content-Length: 0
Via: 1.1 login.boknett.no
```
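The login and logout calls above wrapped as shell functions, as an added example that is not part of the original documentation: it uses curl's `--data-urlencode` to do the encoding that `-d` leaves out and reads the password from stdin. The function names, the `LOGIN_URL` variable and the ticket format check (inferred from the sample TGT) are assumptions.

```shell
#!/bin/sh
# Added example; function names, LOGIN_URL and the TGT format are assumptions.
LOGIN_URL="${LOGIN_URL:-https://login.boknett.no/v1/tickets}"

# Print the Boknett-TGT value from response headers on stdin; fail if absent.
# Header names are case-insensitive and lines end in CRLF, so handle both.
extract_tgt() {
    tr -d '\r' | awk '
        tolower($0) ~ /^boknett-tgt:/ && !found {
            sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1
        }
        END { exit !found }'
}

# Accept only values shaped like the sample ticket ("TGT-" followed by
# letters, digits, "." or "-"), so nothing else reaches the logout URL path.
valid_tgt() {
    case "$1" in
        TGT-*[!A-Za-z0-9.-]*) return 1 ;;
        TGT-?*) return 0 ;;
        *) return 1 ;;
    esac
}

# login USERNAME: password on stdin (no trailing newline), TGT on stdout.
# --data-urlencode encodes what plain -d would send raw; "password@-" reads
# the value from stdin so it never appears in curl's argument list.
login() {
    tgt=$(curl -sS -D - -o /dev/null \
        --data-urlencode "username=$1" \
        --data-urlencode "password@-" "$LOGIN_URL" | extract_tgt) || return 1
    valid_tgt "$tgt" && printf '%s\n' "$tgt"
}

# logout TGT: delete the ticket; succeeds only on the documented 200.
logout() {
    valid_tgt "$1" || return 1
    code=$(curl -sS -o /dev/null -w '%{http_code}' \
        -X DELETE "$LOGIN_URL/$1") || return 1
    [ "$code" = 200 ]
}

# Usage (performs real requests, so it is left commented out):
#   TGT=$(printf '%s' "$PASSWORD" | login "$USERNAME") || exit 1
#   trap 'logout "$TGT"' EXIT
```

Set `LOGIN_URL` (without a trailing slash) to point the functions at the test environment instead.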
Restrictions
Restriction | Current value |
---|---|
Maximum age of Authorization token (TGT) | 2 hours |
Test environment
https://login.boknett.webbe.no/v1/tickets/