Versions Compared

Old Version 38

changes.mady.by.user Karis Hathaway

Saved on

compared with

New Version Current

changes.mady.by.user Bianca Rosa

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Scroll Health Check: The link has been rewritten to its master page by check 'P16'.

Table of Contents
outlinetrue
stylenone

...

When an API User is removed from the system, all other associated API Sessions will be deleted as part of the action.

Tokens Tab

Tokens Tab ExampleImage Added

From 'API Tokens' Grid the User is able to Delete SelectedImage Added API Keys Tokens associated to a User's Session. This is very useful if somehow an API Token becomes compromised and another User begins using the Token as well; an Admin User can immediately remove the Token and force all Users of that API Key to re-authenticate, rather than having to wait for the Token to expire.

User Access Validation for the API

Anonymous Mode

This mode of accessing the API has been depreciatedHTTP POST is required for the login endpoint.

A basic request looks like this:

...

The system configuration AUTH_SESSION_LIFETIME_SECONDS defines the length of time a Session is valid.  If this parameter is set to "0", then the Session is set to not expire as long as the User.  Any other value to cause the User to need to get a new Token after the defined interval, regardless of User Activity.

The system configuration AUTH_SESSION_ACTIVITY_SECONDS defined the length of time a User's Session is valid, before it times out do to Inactivity.

For more detail on these configuration values, please see the Authentication Configuration Wiki Page.

All expired tokens for the user and API key will be deleted.

...