API Tokens is a special mechanism of the Web Services authentication designed for 3rd party integration. Unlike other available authentication approaches in UUX, such as OAUTH 2 token, the API Token mechanism does not require End-User interaction (to provide credentials for log in), which allows for it to be used in background processes, e.g. for cross process communications (example: Data Gateway communicates with SASM Services) or for interactions.
To setup a connection with Web Services using the API token approach, the valid API token needs to be present in the System. In Administration application, the "Integration / Web Service Tokens" area presents all the Tokens.
Run action "Generate New Token" to issue a new API Token.
Name, unique token name used to describe the purpose of the Token.
Expires at, specifies amount of days the token stays valid. Option "Never Expires" keeps the generated token always valid until the moment the API Token is deactivated or deleted.
User, defines the Person associated with the Token. After successful authentication with API Token, the System uses defined Person permissions for authorizing access to System resources.
Once the API Token is generated, the System displays the Token on the action result page.
The generated Token is not stored and available ONLY right after the generation on the Action result page. Therefore, it need to be copied and saved in a secure way somewhere for continuous use.
Example: Configure API Token for 3d Party integration
Use Case: The 3rd Party application "ExternalApp" needs to be allowed to call a single Web Service method in SASM
- Create a Person in SASM, with name "ExtenalApp".
- Change the Audience of the needed Web Service Method to grant access for the "ExtenalApp" user
- Create API token for the "ExtenalApp" user
- Use the generated Token in external application
Using API Token for Web Service call
The SolutionBuidler uses Access Token to authenticate each Service request. To obtain the Access Token the API Token has to be exchanged using a dedicated Web Service call:
POST /m42Services/api/ApiToken/GenerateAccessTokenFromApiToken/? HTTP/1.1 Host: server.example.com Authorization: Bearer $ApiToken
The Access Token is issued for a short period of time, which allows mitigating risks when the API Token has been compromised.
For more information, see the how to Generate and Use API token article.