1.2.2 Security and authentication
User authentication is required in order to send an API request and receive the response. JP1/OA API functions use Basic authentication (Basic Access Authentication) or authentication by using the HSSO token.
The HSSO token is necessary for Single Sign-On. The HSSO token times out after 1,000 seconds.
In the request header, specify the authentication information to be used for user authentication.
Basic authentication requires you to specify the authentication header indicating "Basic" (authentication method) followed by a string consisting of the user name and password separated by a colon (ASCII: 0x3A), encoded with Base64 (referred to as "basic token").
- Example for basic authentication:
-
Authorization: Basic△c3lzdGVtOm1hbmFnZXI=
Legend: △: Single-byte space
The HSSO token authentication requires you to specify the authorization header indicating "HSSO" (authentication method) followed by an HSSO token.
- Example for authentication using the HSSO token:
-
Authorization:HSSO△32bd25936120d68dceabcb49493079f8ef82a4_V0300
Legend: △: Single-byte space
For unauthorized requests, JP1/OA servers return status code "401".
- Note
-
If you use Basic authentication or authentication using the HSSO token to connect to the JP1/OA server, WWW-Authenticate: HSSO hsso token is returned in the response header. If you want to reconnect with the JP1/OA server by using the same session to run an API function, specify the request header as follows:
Authorization:HSSO△hsso_token
Legend: △: Single-byte space
JP1/OA servers return the status code "401" for unauthorized requests, and request user authentication.