Authentication
Introduction
Most requests against the WebTSM Services require that the client/user be authenticated.
There are three methods available for authentication:
- Basic authentication
- Token authentication
- API key authentication
Chosing a Method For Authentication
The type of authentication to be used depends on the clients accessing the service.
Basic authentication can be easier for users to implement but has some drawbacks:
- Reduced security unless the service is only reachable via SSL
- Reduced performance because of additional data base round-trips on each request
Token authentication is more complicated for users of the service to implement. However, it comes with the following advantages:
- Improved security, especially when users develop browser-based applications.
- Slightly improved performance
- Integration with existing user management applications
API keys are for clients where periodically renewing an access token is unpractical. When enabled, users authenticated by one of the other aforementioned means may create a limited number of keys which can be used just like access tokens.
- API keys are valid indefinitely
- API keys can be revoked by the user in case they are compromised
- Operators can limit how many API keys a user can create
- All other advantages of token authentication apply.
For specific details in configuring one or the other, please refer to the links below:
Basic Authentication
Token Authentication
API Key Authentication
(3.10.6) API Key Authentication
Using Authentication
If you are developing a client application that needs to authenticate in order to access a WebTSM Service instance, please refer to the corresponding user documentation here:Authentication