1.2.2 Security and authentication
User authentication is required in order to send an API request and receive the response. JP1/OA API functions use Basic authentication (Basic Access Authentication) or an authentication using the HSSO token.
The HSSO token is necessary for Single Sign-On. The HSSO token times out after 1,000 seconds.
In the request header, specify the authentication information to be used for user authentication. The following example specifies authentication information in the request header.
- Example for basic authentication:
-
Authorization: Basic△c3lzdGVtOm1hbmFnZXI=
Legend: △: Single-byte space
Basic authentication requires you to specify the authentication header indicating "Basic" (authentication method) followed by a string consisting of the user name and password separated by a colon (ASCII: 0x3A), encoded with Base64 (referred to as "basic token").
- Example for authentication using the HSSO token:
-
Authorization:HSSO△32bd25936120d68dceabcb49493079f8ef82a4_V0300
Legend: △: Single-byte space
The HSSO token authentication requires you to specify the authorization header indicating "HSSO" (authentication method) followed by an HSSO token.
For unauthorized requests, JP1/OA servers return status code "401" and requests user authentication.
Authorization:HSSO△hsso token
Legend: △: Single-byte space
JP1/OA servers return the status code "401" for unauthorized requests, and request user authentication.