Authentication
POST Auth/SignAppin
Purpose
Authenticates the provided credentials and creates a user session.
Required permissions
A user group to which the user belongs must be granted access to the API key given in the authorization header. The script must be run from a valid source address, as configured in the API registration for the given API key.
Request body
None.
Response body
Content-Type: application/json
{ UserId: int, SID: string, EmailAddress: string, UserName: string, Name: string }
Response codes
- 200 – Request successful. User model in the response body.
- 403 – Access forbidden. Returned if the Password Safe license is not valid.
- 410 – API version has been disabled.
For more information, please see Common response codes.
POST Auth/Signout
Purpose
Terminates the current user session.
Required permissions
None.
Request body
None.
Response body
None.
Response codes
- 200 – Request successful.
For more information, please see Common response codes.
OAuth public API authentication
POST Auth/Connect/Token
Purpose
Authenticates the provided credentials and allows access to the public API.
Required permissions
The application user must be associated with an API Access Policy API registration and must belong to a user group with the necessary permissions.
Request body
Content-Type: application/x-www-form-urlencoded
grant_type=client_credentials&client_id=[user-client-id]&client_secret=[user-client-secret]
Response body
Content-Type: application/x-www-form-urlencoded
{ access_token: string, expires_in: int, token_type: string = "Bearer", scope: string }
Response body details
- access_token: The privileged credential to use in the Authorization header for API requests to authenticate the user.
- expires_in: Lifetime (in seconds) that the token is valid.
- token_type: Describes the access token (always Bearer).
- scope: Describes the scope of the access token, which is what the token is allowed to perform. For application users, this consists of only a scope called publicapi.
POST Auth/SignAppIn
Request body
None.
Header
Authorization: Bearer [access_token]
Cookies are still supported using this sign-in method.
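The token request and bearer sign-in described above, as an added Python example (not part of the original documentation or the product's own code). The base URL is a placeholder assumption, the function names are hypothetical, and the sample response is constructed.

```python
import json
import time
import urllib.parse
import urllib.request

# Assumption: placeholder base URL; substitute your instance's API root.
BASE = "https://passwordsafe.example.test/api"

def token_request(client_id, client_secret, base=BASE):
    """Build POST Auth/Connect/Token with a form-encoded client_credentials body."""
    body = urllib.parse.urlencode({          # urlencode escapes &, = and + in secrets
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
    }).encode("ascii")
    return urllib.request.Request(
        base + "/Auth/Connect/Token", data=body, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})

def parse_token(raw, now=None):
    """Validate the documented response fields; return the token and its expiry."""
    doc = json.loads(raw)
    if doc.get("token_type") != "Bearer":
        raise ValueError("unexpected token_type")
    if "publicapi" not in str(doc.get("scope", "")).split():
        raise ValueError("token lacks the publicapi scope")
    token, ttl = doc.get("access_token"), doc.get("expires_in")
    if not isinstance(token, str) or not token:
        raise ValueError("missing access_token")
    if not isinstance(ttl, int) or ttl <= 0:
        raise ValueError("invalid expires_in")
    start = time.time() if now is None else now
    return {"access_token": token, "expires_at": start + ttl}

def is_expired(tok, now=None, skew=30):
    """Treat the token as expired `skew` seconds early to avoid racing the server."""
    return (time.time() if now is None else now) >= tok["expires_at"] - skew

def sign_app_in_request(tok, base=BASE):
    """Build POST Auth/SignAppin: empty body, token in the Authorization header."""
    return urllib.request.Request(
        base + "/Auth/SignAppin", data=b"", method="POST",
        headers={"Authorization": "Bearer " + tok["access_token"]})

# Constructed sample response, not captured from a real server.
SAMPLE = (b'{"access_token":"constructed-token","expires_in":3600,'
          b'"token_type":"Bearer","scope":"publicapi"}')
```

Send the built requests with urllib.request.urlopen, reading the client secret from a secret store or environment variable rather than from source, and keep the access token out of logs.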