Web API: Token: Difference between revisions

From QPR ProcessAnalyzer Wiki
Jump to navigation Jump to search
No edit summary
mNo edit summary
Line 3: Line 3:
The token request is following:
The token request is following:
<pre>
<pre>
Url: POST api/token
Url: POST qprpa/api/token
Content-Type: application/x-www-form-urlencoded
Content-Type: application/x-www-form-urlencoded
Body (form data with username, password and grant_type properties):
Body (form data with username, password and grant_type properties):
Line 11: Line 11:
When using SAML 2.0 authentication, instead of the password, the url needs to have a ''samlhash'' parameter (value for it has been received earlier using [[Web_API:_Samlsignin|/api/samlsignin]]):
When using SAML 2.0 authentication, instead of the password, the url needs to have a ''samlhash'' parameter (value for it has been received earlier using [[Web_API:_Samlsignin|/api/samlsignin]]):
<pre>
<pre>
Url: POST /token?samlHash=<samlhash>
Url: POST qprpa/api/token?samlHash=<samlhash>
</pre>
</pre>



Revision as of 23:32, 17 February 2022

Token operation is used to login a user, either using username and password, or as part of the SAML 2.0 authentication using the previously fetched samlhash. An access token is returned as a response, which is used to identify the session in the following Web API interactions.

The token request is following:

Url: POST qprpa/api/token
Content-Type: application/x-www-form-urlencoded
Body (form data with username, password and grant_type properties):
username=myUserName&password=myPassword&grant_type=password

When using SAML 2.0 authentication, instead of the password, the url needs to have a samlhash parameter (value for it has been received earlier using /api/samlsignin):

Url: POST qprpa/api/token?samlHash=<samlhash>

Note that the path doesn't contain api, unlike other operations in the Web API. Example url: https://customer.onqpr.com/qprpa/token.

Request body contains the following parameters as url encoded:

  • username: Login name of the user
  • password: User password (empty when using SAML 2.0 authentication)
  • grant_type: use always "password"

The response contains the following fields:

  • access_token: contains the access token (session id).
  • globalPermissions: Global permissions of the user as comma separated list.
  • serverVersion: Version of the QPR ProcessAnalyzer server.
  • token_type: contains always "bearer"
  • userSettings: All user-specific settings in stringified JSON format. Contains the following settings:
    • uiLanguage: UI language of the user.
    • dateFormat: The date time format used to present dates.
    • firstDayOfWeek: The first day of the week shown in e.g. calendars. 0 is Sunday and 1 is Monday.
    • use12HourClock: Whether the 12-hour clock is used when presenting time information.