Chat now with support
Chat mit Support

Identity Manager 8.2.1 - API Development Guide

Basic principles of API development Examples and help – Software Development Kit API configuration Implementing your own APIs API Designer Quick start – Creating an API with the API Designer Working with the API Designer
Starting the API Designer Project types User interface Global settings Database objects Labeling changes Find and replace Multilingual captions Managing database queries Managing tabs Managing layouts Displaying the change history (command list) Bookmarks Compiling an API Managing versions (compilation branches) Testing an API Linking C# projects to the API Designer
API projects API methods ImxClient command line program

Authentication

User authentication is carried out on the API Server for each API project.

Running an API method requires prior authentication on an API project. If the API method is marked as AllowUnauthenticated, authentication is not required (you can find an example in the SDK)

Authentication has two steps:

  1. Required primary authentication: Default authentication through an authentication module

  2. Optional secondary authentication: Multi-factor authentication (for example, using Starling 2FA)

Detailed information about this topic
Related topics

Authentication (primary)

You can use the imx/login/<API project name> API method for primary authentication on the API project.

To do this, use the POST HTTP method to send a query containing the following:

{ "Module": "RoleBasedPerson", "User": "<user name>", "Password": "<password>" }

TIP: See the SDK for examples.

Security mechanisms

The API Server uses a security mechanism to prevent cross-site request forgery (XSRF) attacks. This randomly generates a token (XSRF-TOKEN) and sends it to the client in a cookie at login. The client must then transmit the value of this token in an HTTP header (X-XSRF-TOKEN) in each request sent to the server. If this header is missing, the request is terminated with error code 400.

TIP: You can change the name of the cookie and HTTP header in the Administration Portal.

Related topics

Authentication with Starling 2FA (secondary)

Secondary authentication on the API project using Starling 2FA uses the following methods:

  • Login/authentication using push notifications: starling/send/push
  • Login/authentication using SMS messages: starling/send/sms
  • Login/authentication using phone calls: starling/send/call
Related topics

Logging out

You can use the imx/logout/<API project name> API method to log out of the API project.

To do this, use the POST HTTP method to send a query without content.

Related topics
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen