/services/apilogin |
What does it do?
This API is aimed at pure API clients and cannot be called from a Web browser. It makes it easier to create integrations than the REST API - Login (through /services/login) which returns the response in a cookie. Also, consecutive calls do not require a CSRF token.
Notes:
|
Parameters
username |
The user name of the user. Required. |
password |
The password of the user. Required. |
clientId |
Tracks the check-out of an asset to a specific client. Only that client will be able to check in the asset. Typically a client will generate a UUID once, store it locally and then pass it with every log-in action. When not specified, client check-outs will not be tracked with a client id. Optional, only required when your client performs check-outs and check-ins. |
Return value
The service returns a JSON response with the following information:
loginSuccess |
true | false Indicates if the log-in action was successful. |
|
serverVersion | The version of Elvis Server that was logged in to. | |
loginFaultMessage | A message indicating why a log-in action failed. Only returned when loginSuccess is false. | |
authToken |
Authentication token. This token should be attached to each next call in the "Authorization" header with "Bearer" type for any next GET or POST calls. A CSRF token is not required in this case. Only returned when loginSuccess is true.
|
Examples
Successful login
The following shows the response of a successful authentication attempt.
POST http://demo.elvisdam.com/services/apilogin ?username=guest &password=guest |
{
"loginSuccess": true,
"serverVersion": "6.3.0.1",
"authToken": "eyJhbGciOiJIUzUxMiIsInppcCI6IkRFRiJ9.eNp8U9luozAU_Rc_52FmmmZo3hy4JZ6AbdkmXUaVRVuiQSIkwyJNVfXfa0NZIw1PcO52zrmXd1TWz2iN4tdjmqMFesnSJK_U2zkxIOakh8grWud1li1Q_nxA6-9Lx7m5vl79cBYo-XdOizeVHm3N1eqbfUxdkfx1y8LkHuKsTBaoLpPiqzEvTqip6xrdXC2dNsNLqjjNSrR-R3FdofVvJFgAWkYcRCRBmLoGwERoNyBAVYc00SfDtyqtoHNqRxzjjnadxyOdcW54VEVteCU20L6-DOihzifpWRv4WKA0rnr9Py1tw_OPtQetVvtf5cnhOyw3ZFkuncdU1hy1GacirdKkHBRtsTCkecCw14tyFWFU8yDyCZVjYeqBg25tazC-ZYrJLeMzE-CeM6G0dKFDQkyxbwpAhERK015eRiQHM3kPfcjdgrtjUd-WhDbTFBAeBdiSnDeZUv5CJUwneuyOjvVKvAfPZGFhBsqxC3usJsz6isY1zLlgA-hGUrGwc8-DTeTPQlwQqrTLqDJJpgnA9Gy67gor-d8L8zTppSt8zygLH_pqoJ6GEJNgsM1uozeFbYildHG1-pHRQYwhaeINFytnmk6oB5L4c_gW75kgavCw9UkYRqQ9KQES1MUiNO4hAa6xVAyfPlAQdg1qG4UbOpLlYYU19kIyv4KWlJVwS_wJle7DTJhcxMV_3V2OLfJ0QOiuz72DzUy2y4IAmq1L9PTxCQAA__8.l-60WwZyLImpXPlqjsJhfH6y5Mltk1FZtSOd3riDrgB7a7zmVCCN9RSsX1ixLC9NZ6_0rMgL2dChTLZB4WqrvA"
}
Login failure
The following shows the response of a failed authentication attempt.
POST http://demo.elvisdam.com/services/apilogin ?username=guest &password=wrong |
{
"loginSuccess": false,
"loginFaultMessage": "Invalid username or password",
"serverVersion": "6.3.0.1"
}
Document history
- 4 June 2020: Updated section 'section 'What does it do?' with a note about how APIs and API licenses should be used.
- 4 June 2020: Changed the note in section 'What does it do?' from a requirement to use an API license to an advice to use a user with an API license.
Comment
Do you have corrections or additional information about this article? Leave a comment! Do you have a question about what is described in this article? Please contact Support.
8 comments
For how many calls / for how long can I use the Bearer? (e.g. Will it get inactive after 10 mins of not making another POST call?)
Hello Steffen
Bearer active for next 30 minutes after apilogin (can be configured using session.timeout config property)
You can do any number of calls
Doing a call will not auto prolongs Bearer expiration time
I like to do some API testing with Postman. But I already can not get on with the login.
I'm getting follwering errors
Hello Jan,
The API-login is not meant to be called from browser-like environments like Postman.
For testing the API with Postman, you may want to use the regular login api:
https://helpcenter.woodwing.com/hc/en-us/articles/115002663443-Elvis-6-REST-API-login
Hi,
Сontrary to the article and Jan Kampling's results, I'm able to login with /services/apilogin using Postman and Pro User license. Elvis server v 6.43.1.636. Are there any changes in this version?
Hello Sergei,
Pro user and other user types are allowed to use the Api Login call, but they will not be allowed multiple API sessions.
There is no change with 6.43 in license handling. We will reword the Note to be an advice instead of requirement.
Regarding postman working on your end is due to headers it does or doesn't send with the call.
Look into Postman configuration documentation to know more about headers sent.
Regards,
Vincent
Does the use of alive.txt to keep the session alive work when using /services/apilogin ?
When using a standard login (/services/login) using an API client I am able to extend the login using alive.txt as referenced here: https://helpcenter.woodwing.com/hc/en-us/articles/115002643866-Configuring-Elvis-6-session-time-outs
But when using /services/apilogin alive.txt does not seem to be extending the session (unless it needs to be called differently). Is there a method to keep apilogin sessions active?
Hi Craig,
I have turned your question into a ticket for our Support team.
They will reply to you via that ticket.
Best regards,
Maarten van Kleinwee
Senior Technical Writer, WoodWing Software
Please sign in to leave a comment.