You are here: Reference Manual > FME Server Services > Authentication and Authorization

Authentication and Authorization


The FME Server Web Services support two types of authentication:

  • HTTP basic authentication (username and password)
  • By default, each service is configured to attempt authentication with the FME Server guest user account. Otherwise an HTTP Basic authentication challenge asking for username and password will be made to the requesting client (such as a web browser).

  • Authentication with a token provided by the Token service
  • A token can be passed to a service using the ‘token’ query parameter (such as 'token=<value>').

    For example here is a service request with a token included for authentication:



The REST service can also authenticate using a token generated from the token service. The token is passed to the REST service as an HTTP parameter with the name token.


Each web service has a client ID that is used to determine which roles and, therefore, which users can access the web service. The client ID is configured in the web application properties file of each service using the parameter SECURITY_CLIENT_ID.