Skip to main content

Assets Server REST API - API login

  • Updated
/services/apilogin

What does it do?

This API is aimed at pure API clients and cannot be called from a Web browser. It makes it easier to create integrations than the REST API - Login (through /services/login) which returns the response in a cookie. Also, consecutive calls do not require a CSRF token.

Notes: 

  • To perform this call it is advised to use a user with an API license. This way, multiple API sessions are allowed.
  • Although it is technically possible to use this call to mimic the behavior of a client application, it is not allowed to mask clients. APIs and API licenses are only allowed to be used to automate tasks.

Parameters

username

The user name of the user.

Required.
password

The password of the user.

Required.
clientId

Tracks the check-out of an asset to a specific client. Only that client will be able to check in the asset.

Typically a client will generate a UUID once, store it locally and then pass it with every log-in action. When not specified, client check-outs will not be tracked with a client id.

Optional, only required when your client performs check-outs and check-ins.

Return value

The service returns a JSON response with the following information:

loginSuccess

true | false

Indicates if the log-in action was successful.
serverVersion The version of Assets Server that was logged in to.
loginFaultMessage A message indicating why a log-in action failed. Only returned when loginSuccess is false.
authToken

Authentication token. This token should be attached to each next call in the "Authorization" header with "Bearer" type for any next GET or POST calls. A CSRF token is not required in this case.

Only returned when loginSuccess is true.

Example: A request with an Authorization header:

Authorization: Bearer

eyJhbGciOiJIUzUxMiIsInppcCI6IkRFRiJ9.eNp8U9luozAU_Rc_52FmmmZo3hy4JZ6AbdkmXUaVRVuiQSIkwyJNVfXfa0NZIw1PcO52zrmXd1TWz2iN4tdjmqMFesnSJK_U2zkxIOakh8grWud1li1Q_nxA6-9Lx7m5vl79cBYo-XdOizeVHm3N1eqbfUxdkfx1y8LkHuKsTBaoLpPiqzEvTqip6xrdXC2dNsNLqjjNSrR-R3FdofVvJFgAWkYcRCRBmLoGwERoNyBAVYc00SfDtyqtoHNqRxzjjnadxyOdcW54VEVteCU20L6-DOihzifpWRv4WKA0rnr9Py1tw_OPtQetVvtf5cnhOyw3ZFkuncdU1hy1GacirdKkHBRtsTCkecCw14tyFWFU8yDyCZVjYeqBg25tazC-ZYrJLeMzE-CeM6G0dKFDQkyxbwpAhERK015eRiQHM3kPfcjdgrtjUd-WhDbTFBAeBdiSnDeZUv5CJUwneuyOjvVKvAfPZGFhBsqxC3usJsz6isY1zLlgA-hGUrGwc8-DTeTPQlwQqrTLqDJJpgnA9Gy67gor-d8L8zTppSt8zygLH_pqoJ6GEJNgsM1uozeFbYildHG1-pHRQYwhaeINFytnmk6oB5L4c_gW75kgavCw9UkYRqQ9KQES1MUiNO4hAa6xVAyfPlAQdg1qG4UbOpLlYYU19kIyv4KWlJVwS_wJle7DTJhcxMV_3V2OLfJ0QOiuz72DzUy2y4IAmq1L9PTxCQAA__8.l-60WwZyLImpXPlqjsJhfH6y5Mltk1FZtSOd3riDrgB7a7zmVCCN9RSsX1ixLC9NZ6_0rMgL2dChTLZB4WqrvA

Examples

Successful login

The following shows the response of a successful authentication attempt.

POST 

http://demo.assets-server.com/services/apilogin    
    ?username=guest
    &password=guest
 
{
  "loginSuccess": true,
  "serverVersion": "6.3.0.1",
  "authToken": "eyJhbGciOiJIUzUxMiIsInppcCI6IkRFRiJ9.eNp8U9luozAU_Rc_52FmmmZo3hy4JZ6AbdkmXUaVRVuiQSIkwyJNVfXfa0NZIw1PcO52zrmXd1TWz2iN4tdjmqMFesnSJK_U2zkxIOakh8grWud1li1Q_nxA6-9Lx7m5vl79cBYo-XdOizeVHm3N1eqbfUxdkfx1y8LkHuKsTBaoLpPiqzEvTqip6xrdXC2dNsNLqjjNSrR-R3FdofVvJFgAWkYcRCRBmLoGwERoNyBAVYc00SfDtyqtoHNqRxzjjnadxyOdcW54VEVteCU20L6-DOihzifpWRv4WKA0rnr9Py1tw_OPtQetVvtf5cnhOyw3ZFkuncdU1hy1GacirdKkHBRtsTCkecCw14tyFWFU8yDyCZVjYeqBg25tazC-ZYrJLeMzE-CeM6G0dKFDQkyxbwpAhERK015eRiQHM3kPfcjdgrtjUd-WhDbTFBAeBdiSnDeZUv5CJUwneuyOjvVKvAfPZGFhBsqxC3usJsz6isY1zLlgA-hGUrGwc8-DTeTPQlwQqrTLqDJJpgnA9Gy67gor-d8L8zTppSt8zygLH_pqoJ6GEJNgsM1uozeFbYildHG1-pHRQYwhaeINFytnmk6oB5L4c_gW75kgavCw9UkYRqQ9KQES1MUiNO4hAa6xVAyfPlAQdg1qG4UbOpLlYYU19kIyv4KWlJVwS_wJle7DTJhcxMV_3V2OLfJ0QOiuz72DzUy2y4IAmq1L9PTxCQAA__8.l-60WwZyLImpXPlqjsJhfH6y5Mltk1FZtSOd3riDrgB7a7zmVCCN9RSsX1ixLC9NZ6_0rMgL2dChTLZB4WqrvA"
}

Login failure

The following shows the response of a failed authentication attempt.

POST 

http://demo.assets-server.com/services/apilogin    
    ?username=guest
    &password=wrong
 
{
  "loginSuccess": false,
  "loginFaultMessage": "Invalid username or password",
  "serverVersion": "6.3.0.1"
}

Revisions

  • 4 June 2020: Changed the note in section 'What does it do?' from a requirement to use an API license to an advice to use a user with an API license.
  • 4 June 2020: Updated section 'section 'What does it do?' with a note about how APIs and API licenses should be used.

Related articles

Comments

Do you have corrections or additional information about this article? Leave a comment!

Do you have a question about what is described in this article? Please contact support here.


2 comments

Date Votes
  • Sergei Golikov

    Hi
    A bit strange notice:

    • Although it is technically possible to use this call to mimic the behavior of a client application, it is not allowed to mask clients. APIs and API licenses are only allowed to be used to automate tasks.

    Does it mean that WW now disallows the use of APIs to built custom clients and the use of API licenses to create guest accounts?

    0
  • Maarten van Kleinwee

    Hi Sergei, 

    I have turned your question into a ticket for our Support team.
    They will reply to you via that ticket.

    Best regards,

    Maarten van Kleinwee
    Senior Technical Writer, WoodWing Software

    0

Please sign in to leave a comment.