URI
<services_uri>/security/tokens[.<format>]
Supported methods
Parent resource
Introduction
Get the Token of the protected service according to the user information. After getting the Token, a user can Access Protected REST Service Resource based on Token.
For information about Token, please refer to Token-based Authentication.
Supported Methods:
- GET: Return the form for applying and obtaining Token.
- POST: Input user information to apply for Token.
- HEAD: Check whether the Token resource exists or whether the current user has permission to access the Token resource.
Supported output formats: rjson, json, html, xml.
Resource hierarchy
HTTP request methods
Execute the HTTP request on the following URI, where supermapiserver is the server name, with rjson being the output format.
http://supermapiserver:8090/iserver/services/security/tokens.rjson
GET request
Return the form the applies and gets Token.
POST request
Input user information to apply for Token.
Request parameter
Following arguments need to be included while applying for Token.
| Name | Type | Description |
| userName | String | [Required parameter] The authenticated user name to apply for the token. |
| password | String | [Required parameter] The user password. |
| clientType | enum | [Required parameter] The way to issue the token. 4 values are supported, corresponding 4 ways for issuing tokens: IP, the specified IP address; Referer; the specified URL; RequestIP, the IP of the client sending the request; NONE, none verification will be executed. |
| ip | String | Required when clientType=IP. Pass corresponding IP if the token will be applied by specifying the IP. |
| referer | String | Required when clientType=Referer. Pass corresponding URL if the token will be applied by specifying the URL. |
| expiration | long | [Required parameter] The validity period of the token, starting from the time the token was issued, in min. |
Response structure
If the user name, password you entered are correct, a string which is the Token which contains user's permission will be returned.
If the user name, password you entered are verified failed, the structure of the response as shown below will be returned:
| Name | Type | Description |
| succeed | boolean | Operation successes or fails, false if fails. |
| error | HttpError | If the user name or password is incorrect, an error message is returned with a response code of 400. |
Response example
Execute the POST request on the tokens resource http://localhost:8090/iserver/services/security/tokens.rjson. The following arguments are passed in.
{
"userName": "user1",
"password": "secret",
"clientType": "RequestIP",
"expiration": 60
}
The rjson format returned is as follows:
9AUyV9QOpTARW-Zj1yybXdjHgQvgWtmeQKNPQ43jSjfO3ELFpjKmeCRUuVwrLGfCLNIkJpq5KpVWOn8HwWehhg..
HEAD request
Asks for the response identical to the one that would correspond to a GET request, but without the response body. This is useful for retrieving meta-information written in response headers, without having to transport the entire content. The meta-information includes the media-type, content-encoding, transfer-encoding, content-length, etc.
HEAD request can be used to check if the tokens resource exists, or if the tokens resource can be accessed by clients. It can also determine if the tokens resource supports an output format <format> if performed on a URI with .<format> included.