REST API
- Sam Fireman
Link for integration: Rest Doc (jotne.com)
Token Authentication: The API token is the concatenation of the Base64 encoded key, initialization vector and encrypted record ID. The key is the secret (symmetric) key for the AES algorithm. The initialization vector is the initialization vector for the AES algorithm. The record ID is the ID of the info record in the internal database. The record contains the user login, encrypted user password, token description and record creation timestamp.
When the user provides the API token, the application splits it to 3 parts and decode them. 2 first parts used to decrypt the record ID from the third part. The record ID used to find the info record. The user password from the info record will be decrypted with the 2 first parts of the API token. The user login and decrypted password will be used for the communication with the EDM server.
Â
The new service - POST /api/admin/token/
{api_token}
has to be used to login with API token. Each generated API tokens by the user are related to the user.
The API token will be shown only once right after generation. The API token description should be stored to identify the token in the list. In case the user will change the password - all API tokens of the user will be deleted. The login by the user's API token will be impossible after the deletion of the user.
Example:
Â