You are here: Reference Manual > FME Server Services > Utility Services > Token Service

Token Service

This service allows users to generate security tokens using a user account name and password.

By default, a token is tied to the client's credentials (username and password) and is valid for a specific period of time. A token can be retrieved manually by logging into FME the Token Service web service in a web browser or programmatically.

Token authentication provides a convenient way for your web applications to invoke FME Server web services, including the REST API. Instead of embedding pregenerated tokens into an application, your application should request a token from token service dynamically using user name and password via HTTPS. Once the token is obtained, the application can apply it to service requests via HTTP. In this context tokens should have short lifetime to be secure, such as one day.

Token authentication is applicable to the following FME Server web services:

  • Data Download Service
  • Job Submitter Service
  • Data Streaming Service
  • KML Network Link Service
  • REST Service

Token Expiration Time

The maximum life of any token generated is two years. This means if you were to generate a token with a three-year expiration time, it would still be limited to 2 years. You may wish to shorten the maximum length of the token expiration for higher security in your application. To modify this setting, update the MAX_EXPIRATION parameter in the configuration file (propertiesFile.properties) found in the fmetoken webservice folder (<FMEServerDir>/Utilities/tomcat/webapps/fmetoken/WEB-INF/conf). For more information, see Web Application Properties.

Service URL

To return a token as plain text:

http://<host>:<port>/fmetoken/generate?<parameters>

To return a token in JSON:

http://<host>:<port>/fmetoken/generate.json?<parameters>

The supported parameters are:

Parameter Description
user

The user ID

password

The user password

expiration

The token's expiration time

timeunit

The unit of expiration time (optional), expressed as second, minute, hour, or day. If not specified, second is assumed.

update

When true, instructs the Token Service to generate a new token. If not specified, false is assumed, and an existing token is returned, regardless of the token's expiration and timeunit settings.

The following example generates a new token in JSON for user "admin" that expires in three days.

http://myhost:80/fmetoken/generate.json?user=admin&password=admin&expiration=3&timeunit=day&update=true

See Also