Security Authentication
#Summary
Authenticates a user with the provided username and password and returns an access token
#Parameters
value | Authentication model
#Supported HTTP Methods
##POST
A note on security: The API currently relies on the ASP.NET security providers. You must obtain an “.ASPXFORMSAUTH” cookie and send it with each subsequent request. The cookie is valid for a period of 20 minutes on a sliding basis: if you do not make a request within 20 minutes of obtaining the cookie, or within 20 minutes of a previous request, the cookie becomes invalid and you will need to obtain a new cookie in order to perform subsequent requests. The remaining part of this section shows how to obtain the cookie. The authentication mechanism will eventually be replaced with OAuth.
In order to obtain the security cookie you will need to perform an HTTP POST to the following resource:
POST http://rest.trackmatic.co.za/api/v1/core/security/authenticate?clientId=88 HTTP/1.1
Content-Type: application/json
Host: rest.trackmatic.co.za
Content-Length: 64
Expect: 100-continue
Connection: Keep-Alive
{
"Username": "******",
"Password": "******"
}
The “Username” and “Password” values are the same username and password used to access the various systems, for example CURO and Vortex.
If the username and password are valid the response will appear as follows:
#JSON
HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: application/json
Set-Cookie: .ASPXFORMSAUTH=7B5C5813FA6E94C204CC4B73787EA837E93E4A20E6310ABC2BC8070E4A3528E5CB596957E30736CDE87F6FFA6168F0AB0716286983DDE4E955785D46E65E66D5AFF23B74BAEED05289066106F44432D97D2200D9618D13064AB0CEACF8C26760F54ED0A2754CD2F89852F1B4E7D0BAB51E979E78D5FA9F7054FE06DEC3ECA1EE8EB0F472; domain=.tmdev.co.za; path=/; HttpOnly
11b
{
"Value": "7B5C5813FA6E94C204CC4B73787EA837E93E4A20E6310ABC2BC8070E4A3528E5CB596957E30736CDE87F6FFA6168F0AB0716286983DDE4E955785D46E65E66D5AFF23B74BAEED05289066106F44432D97D2200D9618D13064AB0CEACF8C26760F54ED0A2754CD2F89852F1B4E7D0BAB51E979E78D5FA9F7054FE06DEC3ECA1EE8EB0F472"
}
0
Each subsequent call to the API must contain the content of the “Value” field in the cookie header as follows:
Cookie: .ASPXFORMSAUTH=B77EB0C6219B6D8AD9F5460B1D8759FA938A1F91E6C67637F46B482067FBB0BBC533595255850BC628589CB1BCBCCE2F1E8468E131266F34D4EA169A0E4C511601A7586F982297843CC2156E3B422CF7D4992A1C1ED1765838468924A4C8C73D30ADDDAE5F961124530657AEE599DA51299EA8D00AE457D9052A2C0BED9DF89FDBDD6A58
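The flow described above (authenticate, attach the cookie to every call, renew it once the 20-minute sliding window has lapsed) can be wrapped in a small client. This is an added example, not code from the API's authors; `CookieSession`, `http_send` and `SAFETY_MARGIN` are hypothetical names, and the early-renewal margin is an assumption.

```python
import json
import time
import urllib.error
import urllib.request

# Endpoint and cookie name exactly as shown on the page.
AUTH_URL = "http://rest.trackmatic.co.za/api/v1/core/security/authenticate?clientId=88"
COOKIE_NAME = ".ASPXFORMSAUTH"
IDLE_LIMIT = 20 * 60   # sliding validity window from the page, in seconds
SAFETY_MARGIN = 60     # assumption: renew one minute early


def http_send(method, url, headers, body=None):
    """Default transport: return (status, body text), including error statuses."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.read().decode("utf-8")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


class CookieSession:
    """Hypothetical helper: keeps the cookie value and renews it when idle too long."""

    def __init__(self, username, password, send=http_send, clock=time.monotonic):
        self._creds = {"Username": username, "Password": password}
        self._send, self._clock = send, clock
        self._token, self._last_used = None, 0.0

    def _stale(self):
        idle = self._clock() - self._last_used
        return self._token is None or idle >= IDLE_LIMIT - SAFETY_MARGIN

    def _authenticate(self):
        body = json.dumps(self._creds).encode("utf-8")
        status, text = self._send("POST", AUTH_URL, {"Content-Type": "application/json"}, body)
        if status != 200:
            raise PermissionError(f"authentication failed: HTTP {status}")
        self._token = json.loads(text)["Value"]  # same value as the Set-Cookie header
        self._last_used = self._clock()

    def request(self, method, url, body=None):
        if self._stale():
            self._authenticate()
        headers = {"Cookie": f"{COOKIE_NAME}={self._token}"}
        status, text = self._send(method, url, headers, body)
        self._last_used = self._clock()  # every request restarts the 20-minute window
        return status, text
```

The `send` and `clock` parameters exist so the renewal logic can be exercised without network access; in normal use both defaults apply.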