Authentication and Authorization
Authentication
The FME Server Web Services support two types of authentication:
- HTTP basic authentication (username and password)
- Authentication with a token provided by the Token service
By default, each service is configured to attempt authentication with the FME Server guest user account. Otherwise an HTTP Basic authentication challenge asking for username and password will be made to the requesting client (such as a web browser).
A token can be passed to a service using the ‘token’ query parameter (such as 'token=<value>').
For example here is a service request with a token included for authentication:
http://localhost/fmejobsubmitter/Samples/
austinDownload.fmw?token=
c759eaf09e4638954f63ace0ce1b53b40f62ccb7
REST
The REST service can also authenticate using a token generated from the token service. The token is passed to the REST service as an HTTP parameter with the name token.
Authorization
Each web service has a client ID that is used to determine which roles and, therefore, which users can access the web service. The client ID is configured in the web application properties file of each service using the parameter SECURITY_CLIENT_ID.