You are here: Reference Manual > FME Server Web Services > Authentication and Authorization

Web Services Authentication

The Transformation Services and Data Upload Service support authentication through HTTP basic authentication, or in conjunction with the Token Service. The user account that runs a workspace and requests a service must have Run permission on the repository in which the workspace resides, and Access permission to the service.

HTTP Basic Authentication

To authorize access, the web services first attempt the credentials (user name and password) of the user account associated with the request. If this attempt fails, access is attempted through the credentials of the guest user account. If this attempt fails, the web services return a Basic HTTP authentication challenge to the requesting client, such as a web browser.

Note: For more information about the guest user account, see About the Trusted User Account.

Token Authentication

A token can be specified in a header or query string parameter. For security reasons, providing the token in a header is the preferred method, because a request URL may be logged by proxies or web servers.

Authorization Header

Specify the following to supply the Authorization header:

Header Key

Header Value

Authorization fmetoken token=<token_value>

Query String Authorization

The query string parameter is token. For example, to run the Data Download Service:

http://myhost.com/fmedatadownload/Samples/austinApartments.fmw?token=<token_value>