Skip to main content

Elvis 6 REST API - API login


Do you have corrections or additional information about this article? Leave a comment!
Do you have a question about what is described in this article? Please contact Support.


  • Steffen Bollermann

    For how many calls / for how long can I use the Bearer? (e.g. Will it get inactive after 10 mins of not making another POST call?)

  • Oleksiy Cherkasov

    Hello Steffen
    Bearer active for next 30 minutes after apilogin (can be configured using session.timeout config property)
    You can do any number of calls
    Doing a call will not auto prolongs Bearer expiration time

  • Jan Kampling

    I like to do some API testing with Postman. But I already can not get on with the login.

    I'm getting follwering errors

    "loginSuccess": false,
    "loginFaultMessage": "Api login originates from a browser.",
    "serverVersion": "",
    "authToken": null
    [09:05:48,431] [89555295-435] WARN - Attempt to login like API client from user:'userapi'/ip:'xyz' is forbidden.
    What could I do to change this behavior?
  • Vincent Bergervoet

    Hello Jan,

    The API-login is not meant to be called from browser-like environments like Postman.

    For testing the API with Postman, you may want to use the regular login api:

  • Sergei Golikov


    Сontrary to the article and Jan Kampling's results, I'm able to login with /services/apilogin using Postman and Pro User license. Elvis server v Are there any changes in this version?

  • Vincent Bergervoet

    Hello Sergei,

    Pro user and other user types are allowed to use the Api Login call, but they will not be allowed multiple API sessions.
    There is no change with 6.43 in license handling. We will reword the Note to be an advice instead of requirement.

    Regarding postman working on your end is due to headers it does or doesn't send with the call.
    Look into Postman configuration documentation to know more about headers sent.


  • Craig Cardillo

    Does the use of alive.txt to keep the session alive work when using /services/apilogin ?

    When using a standard login (/services/login) using an API client I am able to extend the login using alive.txt as referenced here:
    But when using /services/apilogin alive.txt does not seem to be extending the session (unless it needs to be called differently). Is there a method to keep apilogin sessions active?

  • Maarten van Kleinwee

    Hi Craig, 

    I have turned your question into a ticket for our Support team.
    They will reply to you via that ticket.

    Best regards,

    Maarten van Kleinwee
    Senior Technical Writer, WoodWing Software


Please sign in to leave a comment.