Web Services Authentication

The Transformation Services and Data Upload Service support authentication through HTTP basic authentication. The user account that runs a workspace and requests a service must have Run permission on the repository in which the workspace resides, and Access permission to the service.

HTTP Basic Authentication

To authorize access, the Web Services first attempt the credentials (user name and password) of the user account associated with the request. If this attempt fails, the web services return a Basic HTTP authentication challenge to the requesting client, such as a web browser.

Note  In versions of FME Flow prior to 2023.0, the guest user account could provide unauthenticated access to the FME Flow Web Services. For security reasons, this feature is removed.

Token Authentication

A token can be specified in a header or query string parameter. For security reasons, providing the token in a header is the preferred method, because a request URL may be logged by proxies or web servers.

Authorization Header

Specify the following to supply the Authorization header:

Header Key

Header Value

Authorization fmetoken token=<token_value>

Query String Authorization

The query string parameter is token. For example, to run the Data Download Service:

http://myhost.com/fmedatadownload/Samples/austinApartments.fmw?token=<token_value>

See Also