Address Manager uses token-based authentication and authorization. Once generated, the token must be used when invoking every subsequent API method in Address Manager.
Generating a token
You must generate the authentication and authorization token by invoking the login API method. You must use an API user account to access the Address Manager API. If your credentials are invalid, it will fail with an error. For more information about login and logout methods, refer to GET /v1/login.
http://<AddressManager_IP or hostname>/Services/REST/v1/login?username=<username>&password=<password>
Output / Response
The body of the JSON response for the above API method will be in the "Session
Token-> ${ACTUAL_TOKEN} <- for User : ${USERNAME_PASSED}"
and it can be used
to extract the authorization token.
The ACTUAL_TOKEN is comprised of the keyword BAMAuthToken and a dynamically generated token hash. For example, “BAMAuthToken: 4bippMTQ1ODAzNzgwNjE0MzphcGk=”.
Authorizing API methods
The generated authorization token must be passed when invoking any API method. The token needs to be passed as an Authorization property in the request header.
Configuring the token timeout
The generated token shares the same timeout as the Address Manager session. You can change this behavior according to your use case. Refer to Setting user session time out values in the Address Manager Administration Guide.