Antonius Cezar Hegyes edited this page Jan 6, 2015 · 2 revisions

1. Via Basic Authentication

After authenticating, every call to the API must include a header named SessionId containing the GUID of the active session, which identifies the currently logged-in user.

NOTE: The sessionId expires 15 minutes after the last request received with that particular GUID value, i.e. it uses sliding expiration.

How does the API handle this header?

When a request is received, its validity is checked before the call is even routed. If there is no Authorization header, the server expects to receive a sessionId header. If its content is the GUID of an active session, the user to whom that active session belongs is loaded into the Identity Provider.

The next step is loading the user's permissions. After this is handled, the request is routed. Assuming the URL is valid, there will be a check whether the current user has permissions to use that specific route. In case of either success or error, appropriate messages are returned.
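The SessionId path described above, as an added sketch that is not this project's code: it covers only requests without an Authorization header, and the class and function names, the routes, the permission strings and the status codes are all assumptions made for illustration.

```python
import uuid

SESSION_TTL = 15 * 60  # seconds; the 15-minute sliding expiration stated above

class SessionStore:
    """Hypothetical in-memory session table: GUID -> [user, last_seen]."""
    def __init__(self):
        self._sessions = {}

    def create(self, user, now):
        sid = str(uuid.uuid4())
        self._sessions[sid] = [user, now]
        return sid

    def touch(self, raw_sid, now):
        """Return the session's user and slide its expiry, or None."""
        try:
            sid = str(uuid.UUID(raw_sid))  # reject values that are not GUIDs
        except (ValueError, TypeError, AttributeError):
            return None
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if now - entry[1] >= SESSION_TTL:
            del self._sessions[sid]  # expired sessions cannot be revived
            return None
        entry[1] = now  # sliding expiration: a valid request resets the clock
        return entry[0]

# Constructed sample data: route -> required permission, user -> permissions.
ROUTES = {"/reports": "reports.read", "/users": "users.admin"}
PERMISSIONS = {"alice": {"reports.read"}}

def handle(store, headers, path, now):
    """Session check, permission load, routing, permission check, in that order."""
    headers = {k.lower(): v for k, v in headers.items()}  # case-insensitive names
    user = store.touch(headers.get("sessionid"), now)
    if user is None:
        return 401, "missing, invalid or expired session"  # never reaches routing
    granted = PERMISSIONS.get(user, set())  # load the user's permissions
    required = ROUTES.get(path)             # route the call
    if required is None:
        return 404, "unknown route"
    if required not in granted:
        return 403, "user lacks permission for this route"
    return 200, "ok"
```

Passing `now` explicitly makes the expiry testable; a server would read a monotonic clock and share the session table across workers.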

2. Via SSH Keys

** WORK IN PROGRESS **
