Auth Tokens

Auth Tokens
lac31
API user roles require authentication tokens for authentication to call APIs. An authentication token (the 
apikeys
 endpoint) consists of a (usually secret) string that authenticates REST calls and associated properties. An authentication token is a (typically) long string with two nodes, such as 
abcdefg:1
. In this example, 
abcdefg
 is the 
apikey
 and 
:1
 is unused. 
CA Live API Creator
 maps the second node to your roles for authorization. You can assign an authentication token to one or more API user roles.
Authentication tokens are required for almost all REST calls, with a few exceptions, such as the 
@authentication
 resource endpoint (since its purpose is to obtain an auth token), the 
@heartbeat
 resource endpoint, and the 
@license
 resource endpoint. Calls that do not include an auth token are returned with HTTP status code 401.
 For more information:
Attributes
The following table includes the 
apikeys
 endpoint attributes:
Name
Type
Required
Description
ident
 integer
 Y
The unique identifier for this authentication token.
ts
 timestamp
 Y
The date and time this authentication token was created or last modified.
name
 string(100)
 Y
The name for the authentication token.
description
 string(2000)
 N
The description for the authentication token.
apikey
 string(128)
 Y
The actual authentication token. On insertion, if you want 
CA Live API Creator
 to generate the authentication token, leave this value blank, or if you want a fixed authentication token, enter a value.
status
 char
 Y
 
Values:
 
  • A: The authentication token is active.
  • D: The authentication token is inactive.
    Using inactive authentication tokens results in authentication errors.
expiration
 timestamp
 N
If specified, the date and time at which this authentication token becomes invalid.
logging
 string(200)
 N
A comma-separated list of logging levels for the various loggers. For example:
admini=DEBUG,buslog=DEBUG,depend=DEBUG,generl=DEBUG,persis=DEBUG,engine=DEBUG,
resrcs=DEBUG,securi=DEBUG,sysdbg=DEBUG,ulogic=DEBUG
If all loggers should be at the same level, you can also use the following syntax:
*=DEBUG
For more information about logging levels, see View Logging Information.
user_identifier
 string(100)
 N
If specified, the identifier for the API user (typically some sort of user name or user ID). Ideally, this attribute allows the identification of the API user, but that is not required.
data
 string(1000)
 N
If specified, a comma-separated list of name/value pairs that are available in the security context for this authentication token, for example:
employeeNo=12345,region=ASIA
origin
 char
 N
Indicates who created this authentication token. A value of
A
means that the authentication service created it.
project_ident
 integer
 Y
The ident of the API that contains this authentication token.