/services/apilogin |
What does it do?
This API is aimed at pure API clients and cannot be called from a Web browser. It makes it easier to create integrations than the REST API - Login (through /services/login) which returns the response in a cookie. Also, consecutive calls do not require a CSRF token.
Notes:
|
Parameters
username |
The user name of the user. Required. |
password |
The password of the user. Required. |
clientId |
Tracks the check-out of an asset to a specific client. Only that client will be able to check in the asset. Typically a client will generate a UUID once, store it locally and then pass it with every log-in action. When not specified, client check-outs will not be tracked with a client id. Optional, only required when your client performs check-outs and check-ins. |
Return value
The service returns a JSON response with the following information:
loginSuccess |
true | false Indicates if the log-in action was successful. |
|
serverVersion | The version of Assets Server that was logged in to. | |
loginFaultMessage | A message indicating why a log-in action failed. Only returned when loginSuccess is false. | |
authToken |
Authentication token. This token should be attached to each next call in the "Authorization" header with "Bearer" type for any next GET or POST calls. A CSRF token is not required in this case. Only returned when loginSuccess is true.
|
Examples
Successful login
The following shows the response of a successful authentication attempt.
POST http://demo.assets-server.com/services/apilogin ?username=guest &password=guest |
{
"loginSuccess": true,
"serverVersion": "6.3.0.1",
"authToken": "eyJhbGciOiJIUzUxMiIsInppcCI6IkRFRiJ9.eNp8U9luozAU_Rc_52FmmmZo3hy4JZ6AbdkmXUaVRVuiQSIkwyJNVfXfa0NZIw1PcO52zrmXd1TWz2iN4tdjmqMFesnSJK_U2zkxIOakh8grWud1li1Q_nxA6-9Lx7m5vl79cBYo-XdOizeVHm3N1eqbfUxdkfx1y8LkHuKsTBaoLpPiqzEvTqip6xrdXC2dNsNLqjjNSrR-R3FdofVvJFgAWkYcRCRBmLoGwERoNyBAVYc00SfDtyqtoHNqRxzjjnadxyOdcW54VEVteCU20L6-DOihzifpWRv4WKA0rnr9Py1tw_OPtQetVvtf5cnhOyw3ZFkuncdU1hy1GacirdKkHBRtsTCkecCw14tyFWFU8yDyCZVjYeqBg25tazC-ZYrJLeMzE-CeM6G0dKFDQkyxbwpAhERK015eRiQHM3kPfcjdgrtjUd-WhDbTFBAeBdiSnDeZUv5CJUwneuyOjvVKvAfPZGFhBsqxC3usJsz6isY1zLlgA-hGUrGwc8-DTeTPQlwQqrTLqDJJpgnA9Gy67gor-d8L8zTppSt8zygLH_pqoJ6GEJNgsM1uozeFbYildHG1-pHRQYwhaeINFytnmk6oB5L4c_gW75kgavCw9UkYRqQ9KQES1MUiNO4hAa6xVAyfPlAQdg1qG4UbOpLlYYU19kIyv4KWlJVwS_wJle7DTJhcxMV_3V2OLfJ0QOiuz72DzUy2y4IAmq1L9PTxCQAA__8.l-60WwZyLImpXPlqjsJhfH6y5Mltk1FZtSOd3riDrgB7a7zmVCCN9RSsX1ixLC9NZ6_0rMgL2dChTLZB4WqrvA"
}
Login failure
The following shows the response of a failed authentication attempt.
POST http://demo.assets-server.com/services/apilogin ?username=guest &password=wrong |
{
"loginSuccess": false,
"loginFaultMessage": "Invalid username or password",
"serverVersion": "6.3.0.1"
}
Revisions
- 4 June 2020: Changed the note in section 'What does it do?' from a requirement to use an API license to an advice to use a user with an API license.
- 4 June 2020: Updated section 'section 'What does it do?' with a note about how APIs and API licenses should be used.
Comments
Do you have corrections or additional information about this article? Leave a comment!
Do you have a question about what is described in this article? Please contact support here.
2 comments
Hi
A bit strange notice:
Does it mean that WW now disallows the use of APIs to built custom clients and the use of API licenses to create guest accounts?
Hi Sergei,
I have turned your question into a ticket for our Support team.
They will reply to you via that ticket.
Best regards,
Maarten van Kleinwee
Senior Technical Writer, WoodWing Software
Please sign in to leave a comment.