2.2.2 Security and authentication
User authentication is required to issue an API request and receive the response. A JP1/AO API uses the Basic authentication (Basic Access Authentication) or an authentication using the HSSO token. The HSSO token is necessary for Single Sign-On. The HSSO token is timed out when 1,000 seconds have passed since it was issued.
In the request header, specify the authentication information to be used for user authentication. The following example specifies authentication information in the request header.
Example
- For Basic authentication:
Authorization: Basic c3lzdGVtOm1hbmFnZXI=
- For authentication using the HSSO token
Authorization:HSSO 32bd25936120d68dceabcb49493079f8ef82a4_V0300
If a request with no permission is issued, the JP1/AO server returns status code 401 as the response, and requests user authentication.
- Tip
If Basic authentication or HSSO token-based authentication is used to connect to the JP1/AO server, WWW-Authenticate: HSSO hsso token is returned in the response header. If you want to use the same session to connect to the JP1/AO server and issue an API function, specify the request header as follows:
Authorization:HSSO hsso-token