Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

We are switching most of our services over to a different authentication API, please see Authentication Service (for selected services)

All services requires the client to include a token, acquired from the login service, in the header of the requestauthentication service. The token will be valid for a limited period of time, but valid for all requests during that time interval.

Authentication process

To authenticate with resources exposed by the API, it is required to sign in with the login service.
The authentication process is So this is done in two steps.:

  1. Authenticate a user and acquire a token called Ticket Granting Ticket (TGT).

  2. Call resource in context with the TGT (re-usable as long as TGT is valid).

...

In a simplified way the process can be shown as follows

...

Login

To authenticate with resources exposed by the API, it is required to sign in with the login service. This service is called to retrieve a valid TGT token.

URL

https://login.boknett.no/v1/tickets

Method

POST

Request
parameters

username

Required

Username for whom to sign in as.

password

Required

Password for whom to sign in as.

Response
headers

Location

DEPRECATED

Boknett-TGT

TGT returned from login service

Returns

201

Created

400

Bad Request

405

Method Not Allowed

Sample usage

Remember that curl does not automatically urlencode -d input data, so if you password has any special characters you nede to manually urlencode it first. 

Code Block
languagebash
curl  -i -d "username=USERNAME&password=PASSWORD" https://login.boknett.no/v1/tickets


HTTP/1.1 201 Created
Date: Tue, 10 Jun 2014 16:23:42 GMT
Server: Noelios-Restlet-Engine/1.1..1
Location:.1
Accept-Ranges: bytes
Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
Content-Length: 0
Via: 1.1 login.boknett.no

Logout 

For security reasons it is recommended (although not required) to logout when finished using the TGT. This is not necessary for TGTs that are expired.

URL

https://login.boknett.no/v1/tickets/{TGT}

Method

DELETE

Returns

200

OK

400

Bad Request

405

Method Not Allowed

Sample usage

Code Block
languagebash
curl  -X "DELETE" -i https://login.boknett.no/v1/tickets/TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
Accept-Ranges: bytes
Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 17:21:12 GMT
Server: Noelios-Restlet-Engine/1.1..1
Accept-Ranges: bytes
Content-Length: 0
Via: 1.1 login.boknett.no

Restrictions 

Restriction

Current value

Maximum age of Authorization token (TGT)

2 hours

Test environment

https://login.boknett.webbe.no/v1/tickets/