Skip to main content
Matrix42 Self-Service Help Center

How to make a Web Service method call


The SASM application delivers rich REST Services API. And in many cases the existing Web Services need to be requested outside of the UUX application, when OAUTH token is not available. The System provides two alternative approaches for authenticating the Web Service Requests, using Basic Authentication or Web Service API Tokens

Basic Authentication

The approach is very simple to use but highly not recommended, as it is very vulnerable from the Security perspective, because the full login credentials (login name and password) are stored on client side, and could be compromised. 

To authenticate with Basic Authentication the HTTP Request Header has to have property Authorization with value 'Basic username:password'. The following example demonstrates call of Workflow Resume operation using Basic Authentication

var xmlhttp = new XMLHttpRequest();'GET', 'http://localhost/M42Services/api/workflow/resume?objectId=fcfd3ca2-ec21-4846-874c-d6c4f27ffb97', true);
xmlhttp.setRequestHeader('Authorization', 'Basic ' + 'XNtXWTZESvdmlldjpnZmhqS20hMQ=='  /*btoa("username:password)*/);

Use API Token 

The more secure and recommended way to authenticate Web Service call is using API Tokens. The example uses Javascript to demonstrate the flow of Tokens, but absolutely the same ways it can be done with any other programming language

Step 1: Generate API Token

Issue API token in UUX and store it on client. See more details on Web Service API Token.

Step 2: Exchange API token to Access Token

API Token is used only for getting Access Token, which is used for authenticating each Web Service call.

var xmlhttp = new XMLHttpRequest();'POST', 'http://{serverurl}/M42Services/api/ApiToken/GenerateAccessTokenFromApiToken/', true);
xmlhttp.setRequestHeader("Content-Type", "application/json");
xmlhttp.setRequestHeader('Authorization', 'Bearer ' + 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ1bmlxdWVfbmFtZSI6ImF0aW50ZXJuYWxcXGF0ZW5kdXNlciIsIm5hbWVpZCI6ImF0aW50ZXJuYWxcXGF0ZW5kdXNlciIsImlzcyI6Imh0dHBzOi8vc3RzLm1hdHJpeDQyLmNvbSIsImF1ZCI6InVybjptYXRyaXg0MkFwaSIsImV4cCI6MTU2MDQ5NzcyMiwibmJmIjoxNTI4OTYxNzIyfQ.KPRlkVooufH0sFVIIHGa38m3kYSNTXrOJdiFB8VSQNM');

 Step 3: Use Access Token for Web Service Call

xmlhttp.onreadystatechange = function() {
  if (this.readyState == 4 && this.status == 200) {
        var svchttp = new XMLHttpRequest();'GET', 'http://{serverurl}/M42Services/api/workflow/resume?objectId=fcfd3ca2-ec21-4846-874c-d6c4f27ffb97', true);
        svchttp.setRequestHeader('Authorization', 'Bearer' + JSON.parse(this.responseText).RawToken);
    else {
        console.log('Not valid or disabled API token')


  • Was this article helpful?