You are here: Reference Manual > FME Server Web Services > Utility Services > Token Service

Token Service

This service allows users to generate security tokens using a user account name and password.

By default, a token is tied to the client's credentials (username and password) and is valid for a specific period of time. A token can be retrieved by:

Logging into the FME Server Web User Interface.
Issuing a request from the token service in a web browser.
Programmatically, such as through the REST API.

Token authentication provides a convenient way for your web applications to invoke the FME Server Web Services. Instead of embedding pregenerated tokens into an application, your application should request a token from the token service dynamically using user name and password via HTTPS. Once the token is obtained, the application can apply it to service requests via HTTP. In this context tokens should have short lifetime to be secure, such as one day.

Token authentication is applicable to the following FME Server Web Services:

Data Download Service
Job Submitter Service
Data Streaming Service
KML Network Link Service

Token Expiration Time

The maximum life of any token generated is two years. This means if you were to generate a token with a three-year expiration time, it would still be limited to 2 years. You may wish to shorten the maximum length of the token expiration for higher security in your application. To modify this setting, update the MAX_EXPIRATION parameter in the configuration file (propertiesFile.properties) found in the fmetoken webservice folder (<FMEServerDir>/Utilities/tomcat/webapps/fmetoken/WEB-INF/conf). For more information, see Web Application Properties.

Service URL

To return a token as plain text:

http://<host>:<port>/fmetoken/generate?<parameters>

To return a token in JSON:

http://<host>:<port>/fmetoken/generate.json?<parameters>

The supported parameters are:

Parameter	Description
user	The user ID
password	The user password
expiration	The token's expiration time
timeunit	The unit of expiration time (optional), expressed as `second`, `minute`, `hour`, or `day`. If not specified, `second` is assumed.
update	When `true`, instructs the Token Service to generate a new token, even if one is already available that has not yet expired. If not specified, `false` is assumed, and an existing token is returned, if available.

Example

The following cURL example submits a POST request for a new token in JSON for user "admin" that expires in three days.

curl -X POST \

http://myhost:80/fmetoken/generate.json \

-H 'accept: application/json' \

-H 'content-type: application/x-www-form-urlencoded' \

-d 'user=admin&password=admin&expiration=3&timeunit=day&update=true'

Response Format

The following is an example JSON response document of a token request:

{"serviceResponse": {

"clientAddress": "",

"token": "<token>",

"expirationDate": "2017-11-23 21:14:52"

}}