You are here: Reference Manual > FME Server Web Services > Utility Services > Token Service

Token Service

This service allows users to generate security tokens using a user account name and password.

By default, a token is tied to the client's credentials (username and password) and is valid for a specific period of time. A token can be retrieved by:

Token authentication provides a convenient way for your web applications to invoke the FME Server Web Services. Instead of embedding pregenerated tokens into an application, your application should request a token from the token service dynamically using user name and password via HTTPS. Once the token is obtained, the application can apply it to service requests via HTTP. In this context tokens should have short lifetime to be secure, such as one day.

Token authentication is applicable to the following FME Server Web Services:

  • Data Download Service
  • Job Submitter Service
  • Data Streaming Service
  • KML Network Link Service

Token Expiration Time

The maximum life of any token generated is two years. This means if you were to generate a token with a three-year expiration time, it would still be limited to 2 years. You may wish to shorten the maximum length of the token expiration for higher security in your application. To modify this setting, update the MAX_EXPIRATION parameter in the configuration file (propertiesFile.properties) found in the fmetoken webservice folder (<FMEServerDir>/Utilities/tomcat/webapps/fmetoken/WEB-INF/conf). For more information, see Web Application Properties.

Service URL

To return a token as plain text:

http://<host>:<port>/fmetoken/generate?<parameters>

To return a token in JSON:

http://<host>:<port>/fmetoken/generate.json?<parameters>

The supported parameters are:

Parameter Description
user

The user ID

password

The user password

expiration

The token's expiration time

timeunit

The unit of expiration time (optional), expressed as second, minute, hour, or day. If not specified, second is assumed.

update

When true, instructs the Token Service to generate a new token, even if one is already available that has not yet expired. If not specified, false is assumed, and an existing token is returned, if available.

Example

The following cURL example submits a POST request for a new token in JSON for user "admin" that expires in three days.

curl -X POST \

http://myhost:80/fmetoken/generate.json \

-H 'accept: application/json' \

-H 'content-type: application/x-www-form-urlencoded' \

-d 'user=admin&password=admin&expiration=3&timeunit=day&update=true'

Response Format

The following is an example JSON response document of a token request:

{"serviceResponse": {

"clientAddress": "",

"token": "<token>",

"expirationDate": "2017-11-23 21:14:52"

}}

See Also