Authentication

Token Authentication

When using the REST API, the standard basic and session authentication methods are available on most endpoints. Our platform’s API also offers an additional method: token authentication.

Tokens can be managed by users on their profile page, or by administrators on each user’s management page.

The token key is visible only at creation time and cannot be read back afterwards. If a token is forgotten or lost, it should be removed and a new one created. When creating a token, it is also possible to assign an expiration date if a particular use case needs one.

Tokens can also be created or managed via the REST API. More information about how this works is available in the API Reference, accessible from the “Help” section of Cantemo’s main menu bar.

Once a token is created, it can be used to authenticate against most of the REST API endpoints. To use a token, add an HTTP header named “AUTH-TOKEN” with the token key as its value. For example, a curl request to Cantemo with token authentication looks like:

curl -X GET http://exampledomain.com/API/v2/healthcheck/simple -H 'AUTH-TOKEN: 5778161da0fd75b498c66647d9846f08eead727249508'
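As an added example (not part of the original documentation or the product's own code), the same healthcheck request from Python, with the token key read from an environment variable instead of the command line, plain HTTP refused by default, and redirects disabled so the header is not forwarded to another host. The variable name PORTAL_AUTH_TOKEN, the helper names and the HTTPS-only default are assumptions of this example.

```python
import os
import urllib.request
from urllib.parse import urlsplit

TOKEN_ENV = "PORTAL_AUTH_TOKEN"  # assumed variable name, not defined by the platform


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """urllib copies custom headers onto redirected requests, so refuse redirects."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def load_token(env=os.environ):
    """Read the token key from the environment, keeping it out of argv and source."""
    token = env.get(TOKEN_ENV, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV} is not set")
    if "\r" in token or "\n" in token:
        raise ValueError("token contains a line break")
    return token


def build_request(url, token, allow_http=False):
    """Build a GET request carrying the token in the AUTH-TOKEN header."""
    scheme = urlsplit(url).scheme
    if scheme != "https" and not (allow_http and scheme == "http"):
        raise ValueError(f"refusing to send a token to a {scheme!r} URL")
    req = urllib.request.Request(url, method="GET")
    # urllib stores the name as "Auth-token"; HTTP header names are case-insensitive.
    req.add_header("AUTH-TOKEN", token)
    return req


def redact(token):
    """Form of the token that is safe to write to logs."""
    return token[:4] + "..." if len(token) > 8 else "****"


def healthcheck(base_url, token, timeout=10):
    """Call the healthcheck endpoint from the curl example; returns the HTTP status."""
    opener = urllib.request.build_opener(NoRedirect)
    req = build_request(base_url.rstrip("/") + "/API/v2/healthcheck/simple", token)
    with opener.open(req, timeout=timeout) as resp:
        return resp.status
```

Call `healthcheck(base_url, load_token())` with your own base URL; a 3xx response raises `urllib.error.HTTPError` instead of being followed.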

Run As

The “run as” feature allows administrator users (users with the portal_administrator role) to execute a request as if it had been made by another specified user. The request then behaves as a request from the specified user, not from the administrator.

To use this feature, add an HTTP header named “RUNAS” with the token key as its value. For example, a curl request to Cantemo with the “run as” feature looks like:

curl -X GET http://portal40.cantemo.com/API/v2/whoami/ -H 'Authorization: Basic ****' -H 'runas: someuser'