Authentication Service (legacy)

We are switching most of our services over to a different authentication API, please see Authentication Service

All services requires the client to include a token, acquired from the authentication service. The token will be valid for a limited period of time, but valid for all requests during that time interval. So this is done in two steps:

  1. Authenticate a user and acquire a token called Ticket Granting Ticket (TGT).

  2. Call resource in context with the TGT (re-usable as long as TGT is valid).

In a simplified way the process can be shown as follows

Login

To authenticate with resources exposed by the API, it is required to sign in with the login service. This service is called to retrieve a valid TGT token.

URL

https://login.boknett.no/v1/tickets

Method

POST

Request
parameters

username

Required

Username for whom to sign in as.

password

Required

Password for whom to sign in as.

Response
headers

Boknett-TGT

TGT returned from login service

Returns

201

Created

400

Bad Request

405

Method Not Allowed

Sample usage

Remember that curl does not automatically urlencode -d input data, so if you password has any special characters you nede to manually urlencode it first. 

curl -i -d "username=USERNAME&password=PASSWORD" https://login.boknett.no/v1/tickets HTTP/1.1 201 Created Date: Tue, 10 Jun 2014 16:23:42 GMT Server: Noelios-Restlet-Engine/1.1..1 Accept-Ranges: bytes Boknett-TGT: TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no Content-Length: 0 Via: 1.1 login.boknett.no

Logout 

For security reasons it is recommended (although not required) to logout when finished using the TGT. This is not necessary for TGTs that are expired.

URL

https://login.boknett.no/v1/tickets/{TGT}

Method

DELETE

Returns

200

OK

400

Bad Request

405

Method Not Allowed

Sample usage

curl -X "DELETE" -i https://login.boknett.no/v1/tickets/TGT-152-leeshOABMDJE41s55z9WBLq7d7kk2ONUQozYHOF2FimxI5a9D9Z-login.boknett.no HTTP/1.1 200 OK Date: Tue, 10 Jun 2014 17:21:12 GMT Server: Noelios-Restlet-Engine/1.1..1 Accept-Ranges: bytes Content-Length: 0 Via: 1.1 login.boknett.no

Restrictions 

Restriction

Current value

Restriction

Current value

Maximum age of Authorization token (TGT)

2 hours

Test environment

https://login.boknett.webbe.no/v1/tickets/