This action is used for user authentication. It accepts the login credentials and returns the user full name, his role and an authentication token. For demonstration purposes, the system will be supported with service accounts to be used with authentication calls, no password policies are applied on these accounts, and these accounts are:
[POST] https://serverURL/idscanenterprisesvc/token Request/Response format: application/x-www-form-urlencoded
Parameters:
| Name | Description | Format |
| UserName | Mandatory, the user login name | The key and value should be lower case sensitive string. |
| Password | Mandatory, the user password | The key should be lower case string; value is case sensitive. |
| Area | Possible Values: scanning investigation | The key and value should be lower case sensitive string, see Areas Table. |
| grant_type | password |
Results:
| Key Name | Description | Format |
| Username | User login name | String |
| FullName | User full name | String |
| Role | User role | String |
| Token | Authentication token | String, the key is in lower case |
Important Notes: Notice that the content-type and payload type is “x-www-form-urlencoded” so the payload body will be in the form (grant_type=password&username=”yourusername”&password=”yourpassword”). If all is correct, you’ll notice that you’ve received signed token on the response.
When generating a token, please ensure you do not submit the value as ‘bearer’ and that you use the GBG IDscan documentation to understand how to submit correctly
A new Authentication Token should be sent along with every forthcoming request in the http headers.
The authentication token can be set in the HTTP request one of the following ways:
- By
using Cookie:
- Cookie: token= DE14ydbxNEiUuIaV2tHN2A
- By
using Authorization Http header:
- Authorization: DE14ydbxNEiUuIaV2tHN2A
Important Notes: Tokens are only valid for 10 hours. We advise for best practice generating a new token per journey request.
Authentication action must be called before attempting Upload or Retrieval, each action has its designated value of the “area” parameter in the authentication request.
Calls must have an authentication token that was acquired with the appropriate “area” in order to do successful calls, the area names required for calls are as of the following:
| Action Name | Area | Format |
| Upload | Scanning | Lower case string |
| Retrieval | Investigation | Lower case string |
Response:
{
"access_token": "_dbDABG_sERyqaDFgk1DYDTo9BHe9OPD4r6l3MNr4-PgkCorjtLSfaoxbqz4QQgOvSZyzAx9rMZnMxFn80knO_yRJ2eesVeVR-1xwgyb7cNiVlwPC-SX9RfHs1f0QRrpxQrYtoqHXFP_1GCvjR5MKbrPGhoi_LcBGWKghpklno_vzJMiZKLyuXpaCv8xN3y64lpCHZ7WHCIeFQkYYxu_9DsazrWPjxc9j0KRGhNDFjQQGrJ9ZsXB5ExyuRgVREKyhfQyQxmBYZu2JTNZG-_ntj3QnyPkNAKE92HGPinCow86P4JGU9nMgiQL72QHr30Aiy54y8NyKlxjcJRjCP3Z8nXNY_Che4rkjC8w16TodudI-x0eO2qXaP4MGTee9EMZB__YQikTkshJANZGhwjeexfhZAWu1t5aJ6TucYz14-GRKeLQnJXsrSkWWZ8VKHHy0zYH7LzHaoFY0KvP8aNNTQLPA2wGtKZp7oISq1mb9Vadqf4sBKpQFRo-dy1CzIU3GLfOEO2qza1CRjGUGEkn0c6_P4IjC4uLLxOyfcRQVQP6yLAttUBXz6-8Tii-qBwA",
"token_type": "bearer",
"expires_in": 35999,
"BranchCode": "",
"http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name": "psc",
"FullName": "PSC",
"AbbeyServiceCentre": "",
"JourneyId": "",
"IdleSessionTimeout": "15",
"http://schemas.microsoft.com/ws/2008/06/identity/claims/role": "SuperAdministrator",
"memberOf": "Users,Domain Users,AWS Delegated Add Workstations To Domain Users,IEOSAdmins,IDscan",
"tenant": "IDscan",
".issued": "Fri, 15 Nov 2019 12:42:34 GMT",
".expires": "Fri, 15 Feb 2019 22:22:15 GMT"
}