Authentication Service

Revision History

All services requires the client to include a token, acquired from the authentication service. The token will be valid for a limited period of time, but valid for all requests during that time interval. So this is done in two steps:

1. Authenticate a user and acquire a token called Ticket Granting Ticket (TGT).
2. Call resource in context with the TGT (re-usable as long as TGT is valid).

In a simplified way the process can be shown as follows

Login

To authenticate with resources exposed by the API, it is required to sign in with the login service. This service is called to retrieve a valid TGT token.

Sample usage

curl -i -d "username=USERNAME&password=PASSWORD" https://login.boknett.no/v1/tickets

HTTP/1.1 201 Created
Date: Tue, 10 Jun 2014 16:23:42 GMT
Server: Noelios-Restlet-Engine/1.1..1
Accept-Ranges: bytes
Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no
Content-Length: 0
Via: 1.1 login.boknett.no

Logout 

For security reasons it is recommended (although not required) to logout when finished using the TGT. This is not necessary for TGTs that are expired.

Sample usage

curl  -X "DELETE" -i https://login.boknett.no/v1/tickets/TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no

HTTP/1.1 200 OK
Date: Tue, 10 Jun 2014 17:21:12 GMT
Server: Noelios-Restlet-Engine/1.1..1
Accept-Ranges: bytes
Content-Length: 0
Via: 1.1 login.boknett.no

Restrictions 

Test environment

https://login.boknett.webbe.no/v1/tickets/