Web API Authentication

If the controller has security set up, some endpoints of the HTTP API require clients to authenticate in order to authorise requests.

Authentication Methods

Pharos Express supports Token Authentication, which is used with HTTP API requests, typically when the client is not a web browser. A new token, valid for 5 minutes, is returned from each authenticated request. If the API client is inactive for longer than 5 minutes, the token expires and a username and password must be provided again.

Token Authentication

Token authentication is typically used by the HTTP API in cases where a web browser is not the client. The client requests a Bearer Token with a POST request to the controller’s /authenticate endpoint, providing the username and password, and this token is then used in future requests.

To use the token in a request, set the Authorization header value to Bearer {your token}, where {your token} should be replaced with the value of token in the response.

The JSON object in the response from each authenticated request will include a token attribute, whose value will be a new token, valid for 5 minutes. If no authenticated requests are made for 5 minutes then the token will expire and the /authenticate endpoint must be used to get a new token.
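
A client-side sketch of the token flow described above, added here as an example and not taken from the Pharos documentation. The JSON request body with username and password fields, the 401 status for a rejected token, and the names TokenClient, http_transport and send are assumptions; only /authenticate, the Bearer header, the token attribute and the 5-minute lifetime come from the page.

```python
import json
import time
import urllib.error
import urllib.request


def http_transport(base_url):  # real network transport; a fake send() can replace it
    def send(method, path, headers, body):
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(base_url + path, data=data, method=method,
                                     headers={"Content-Type": "application/json", **headers})
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:
            return err.code, {}
    return send


class TokenClient:
    """Keeps the rolling Bearer token current across requests."""
    LIFETIME = 5 * 60  # seconds a token stays valid, as documented above

    def __init__(self, send, username, password, clock=time.monotonic):
        self._send, self._clock = send, clock
        # Assumption: credentials go in a JSON body under these field names.
        self._creds = {"username": username, "password": password}
        self._token, self._expires = None, 0.0

    def _store(self, payload):
        # Each authenticated response carries a replacement token: adopt it.
        if isinstance(payload, dict) and payload.get("token"):
            self._token = payload["token"]
            self._expires = self._clock() + self.LIFETIME

    def login(self):
        status, payload = self._send("POST", "/authenticate", {}, self._creds)
        if status != 200 or not payload.get("token"):
            raise PermissionError(f"authentication failed (HTTP {status})")
        self._store(payload)

    def request(self, method, path, body=None):
        if self._token is None or self._clock() >= self._expires:
            self.login()  # first use, or idle for longer than the token lifetime
        status, payload = self._send(method, path, {"Authorization": f"Bearer {self._token}"}, body)
        if status == 401:  # assumption: the controller answers 401 to an expired token
            self.login()
            status, payload = self._send(method, path, {"Authorization": f"Bearer {self._token}"}, body)
        self._store(payload)
        return status, payload
```

The username and password are sent on every login and a live token on every other request, so give http_transport an https:// base URL where the controller offers one, and keep both out of logs.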