Auth
This is the authentication procedure, and it's mandatory before any other REST API call.
If successful, it returns a Bearer token to be used for authorization in all subsequent REST API calls.
Request
Method | URL
GET | /smserver/Auth

RAW

GET /smserver/Auth HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/json; charset=UTF-8
Accept: */*
Accept-Encoding: synlz
Authorization: Basic XXXXXXXXXXXXXXXX==
User-Agent: Mozilla/4.0 (compatible; MSIE 5.5;)
Host: 192.168.172.66:8080

Explained
The Authorization field must contain the Base64 encoding of a string formed by concatenating the username, a single colon character (:), and the password. For the SuperAdmin interface the username must always be sa.
For example, if the username is sa and the password is password, the Authorization header will be:
Authorization: Basic c2E6cGFzc3dvcmQ=
Response
RAW

HTTP/1.1 200 OK
Content-Type: application/json; charset=UTF-8
Set-Cookie: SMS4=03825F44; Path=/smserver-default
Server: mORMot/1.18.1252 (Windows) Microsoft-HTTPAPI/2.0
Server-InternalState: 1
Accept-Encoding: synlz,gzip
Date: Wed, 17 Jun 2015 08:32:05 GMT
Content-Length: 43

{"result":14341208, "logonname":"sa", "access_token":"7f535282-b541-4e6a-6709-120906285932", "token_type":"bearer", "scope":"SCOPE_AUTH"}

Explained
The response contains the cookie that we will need to continue this session. The JSON payload of the response contains 5 fields:
• result: internal value, not important
• logonname: same username, for verification only
• access_token: the access token to be used for all subsequent REST API calls
• token_type: the type of the access token; currently only the "bearer" type is supported
• scope: the scope of the access token; this token is used as an authorization token
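
The client side of this exchange, as an added example that is not part of the original documentation or the product's own code: it builds the Basic header, validates the fields of the Auth response, and prepares the headers for later calls. The function names are hypothetical, and three details are assumptions: credentials are UTF-8 encoded, the token is sent as `Authorization: Bearer <token>`, and the session cookie is returned in a `Cookie` header.

```python
import base64
import json
from http.cookies import SimpleCookie

def basic_auth_header(username, password):
    """Authorization value for GET /smserver/Auth: Base64 of 'username:password'."""
    if ":" in username:
        raise ValueError("a colon in the username would shift the user/password split")
    # Base64 is a reversible encoding, not encryption: on a cleartext link
    # this header exposes the password. Assumption: UTF-8 before Base64.
    return "Basic " + base64.b64encode(f"{username}:{password}".encode("utf-8")).decode("ascii")

def parse_auth_response(status, headers, body, expected_user):
    """Check the Auth response and keep only what later calls need."""
    if status != 200:
        raise PermissionError(f"authentication failed: HTTP {status}")
    payload = json.loads(body)
    if payload.get("logonname") != expected_user:  # "for verification only"
        raise ValueError("logonname does not match the requested user")
    if str(payload.get("token_type", "")).lower() != "bearer":
        raise ValueError("only the bearer token type is supported")
    if not payload.get("access_token"):
        raise ValueError("response carries no access_token")
    jar = SimpleCookie()
    jar.load(headers.get("Set-Cookie", ""))
    return {"token": payload["access_token"], "scope": payload.get("scope"),
            "cookies": {name: morsel.value for name, morsel in jar.items()}}

def session_headers(session):
    """Headers for subsequent calls: bearer token plus the session cookie."""
    # Assumption: the token goes in the usual "Authorization: Bearer <token>" form.
    headers = {"Authorization": "Bearer " + session["token"]}
    if session["cookies"]:
        headers["Cookie"] = "; ".join(f"{k}={v}" for k, v in session["cookies"].items())
    return headers

# Sample response copied from the example on this page.
SAMPLE_HEADERS = {"Set-Cookie": "SMS4=03825F44; Path=/smserver-default"}
SAMPLE_BODY = ('{"result":14341208, "logonname":"sa", '
               '"access_token":"7f535282-b541-4e6a-6709-120906285932", '
               '"token_type":"bearer", "scope":"SCOPE_AUTH"}')

if __name__ == "__main__":
    print(basic_auth_header("sa", "password"))
    session = parse_auth_response(200, SAMPLE_HEADERS, SAMPLE_BODY, "sa")
    print(session_headers(session))
```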