Token Service
This service allows users to generate security tokens using a user account name and password.
By default, a token is tied to the client's credentials (username and password) and is valid for a specific period of time. A token can be retrieved by:
- Logging into the FME Server Web User Interface.
- Issuing a request from the token service in a web browser.
- Programmatically, such as through the REST API.
Token authentication provides a convenient way for your web applications to invoke the FME Server Web Services. Instead of embedding pregenerated tokens into an application, your application should request a token from the token service dynamically using user name and password via HTTPS. Once the token is obtained, the application can apply it to service requests via HTTP. In this context tokens should have short lifetime to be secure, such as one day.
Token authentication is applicable to the following FME Server Web Services:
- Data Download Service
- Job Submitter Service
- Data Streaming Service
- KML Network Link Service
Token Expiration Time
The maximum life of any token generated is two years. This means if you were to generate a token with a three-year expiration time, it would still be limited to 2 years. You may wish to shorten the maximum length of the token expiration for higher security in your application. To modify this setting, update the MAX_EXPIRATION parameter in the configuration file (propertiesFile.properties) found in the fmetoken webservice folder (<FMEServerDir>/Utilities/tomcat/webapps/fmetoken/WEB-INF/conf). For more information, see Web Application Properties.
Service URL
To return a token as plain text:
http://<host>:<port>/fmetoken/generate?<parameters>
To return a token in JSON:
http://<host>:<port>/fmetoken/generate.json?<parameters>
The supported parameters are:
Parameter | Description |
---|---|
user |
The user ID |
password |
The user password |
expiration |
The token's expiration time |
timeunit |
The unit of expiration time (optional), expressed as |
update |
When |
Example
The following cURL example submits a POST request for a new token in JSON for user "admin" that expires in three days.
curl -X POST \
http://myhost:80/fmetoken/generate.json \
-H 'accept: application/json' \
-H 'content-type: application/x-www-form-urlencoded' \
-d 'user=admin&password=admin&expiration=3&timeunit=day&update=true'
Response Format
The following is an example JSON response document of a token request:
{"serviceResponse": {
"clientAddress": "",
"token": "<token>",
"expirationDate": "2017-11-23 21:14:52"
}}
See Also