HTTP authentication
JSON authentication
SAMLv2*
OpenID*
* Supported only on local installations. Availability is limited by the ABRA Flexi license. Configured in the server's web interface at /admin/auth-settings.
HTTP Authentication
Basic HTTP authentication is the original method for verifying users when logging into the ABRA Flexi web interface (WUI). It is also one of the available authentication options for the REST API. Send the Authorization header with each HTTP request. If the header is omitted, the request is redirected to the login form, or the server returns status 401 Authorization required (HTTP authentication required).
We attempt to detect REST API calls and continue offering HTTP authentication. If detection fails, or if you need to control the authentication method explicitly, you can use the ?auth=http parameter (see URL parameters).
Example of communication using basic HTTP authentication with the curl command:
curl -L -v -u winstrom:winstrom 'https://demo.flexibee.eu:5434/c/demo/adresar.xml?detail=custom:kod&limit=1'
⋮
* Server auth using Basic with user 'winstrom'
> GET /c/demo/adresar.xml?detail=custom:kod&limit=1 HTTP/1.1
> Host: demo.flexibee.eu:5434
> Authorization: Basic d2luc3Ryb206d2luc3Ryb20=
> User-Agent: curl/7.54.1
> Accept: */*
>
< HTTP/1.1 200 OK
< Cache-Control: private, max-age=0, no-cache
< Set-Cookie: lang=cs;Version=1
< Vary: Accept
< Content-Type: application/xml
< Content-Length: 150
< Via: 1.1.loadbal-fra-1.c.flexibee.eu
<
755 AAA
For an example of authentication in PHP, see the real-world examples in the API series.
Basic HTTP authentication can also be included directly in the URL, which may look like this: "https://username:password@server_address:5434/c/company/evidence". How to construct the URL is described in our separate guide.
JSON Authentication (Authentication Session)
If you want to authenticate with ABRA Flexi and reuse the established authentication for subsequent calls, use the API to obtain an authentication token:
POST /login-logout/login.json
Note: This method returns results only in JSON format, so make sure to correctly specify the requested format in your query.
The call must include raw data:
| Username |
| User password |
| One-time password (if required) |
Example call (raw data):
{ "username": "novak", "password": "heslo"}
Successful authentication
The result is a success flag success=true and an authentication token authSessionId:
{ "success": true, "authSessionId": "00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff"}
Failed authentication
A failed authentication is indicated by the flag success=false with a detailed description in the string errors.reason:
{ "success": false, "errors": { "reason": "Bylo zad\u00e1no chybn\u00e9 u\u017eivatelsk\u00e9 jm\u00e9no \u010di heslo." }}
Ways to Use the Authentication Token
The obtained authentication can be passed in requests in three ways:
Cookie:
authSessionId: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
HTTP header:
X-authSessionId: 00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
URL query:
?authSessionId=00112233445566778899aabbccddeeff00112233445566778899aabbccddeeff
Warning: When using the URL query option, authentication credentials will be logged on the ABRA Flexi server.
To keep the token valid, you need to maintain the connection by occasionally calling GET /login-logout/session-keep-alive.js. We call it every 60 seconds, but once every 30 minutes should be sufficient.
If you want to use the refreshToken, you need to send it as a cookie with a GET /login-logout/check request, which will give you a new authSessionId.
You can also perform user logout via the API.
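Added example (not ABRA Flexi's own code): a Python client for the session flow described above. It logs in, sends the token in the X-authSessionId header, and rejects URLs that carry the token in the query so it stays out of the server logs. The function names, the `otp` JSON field name (taken from the form parameter) and the `Content-Type` header are assumptions.

```python
import json
import urllib.request
from urllib.parse import parse_qs, urlsplit

class LoginError(Exception):
    """Server answered success=false; the message is errors.reason."""

def build_login_request(base_url, username, password, otp=None):
    """Build POST /login-logout/login.json with the credentials as raw JSON."""
    payload = {"username": username, "password": password}
    if otp is not None:
        payload["otp"] = otp  # assumed field name (the page names otp for the form)
    return urllib.request.Request(
        base_url.rstrip("/") + "/login-logout/login.json",
        data=json.dumps(payload).encode("utf-8"),
        headers={"Content-Type": "application/json"},  # assumed content type
        method="POST",
    )

def parse_login_response(body):
    """Return authSessionId, or raise LoginError with the server's reason."""
    doc = json.loads(body)
    if doc.get("success") is True and doc.get("authSessionId"):
        return doc["authSessionId"]
    raise LoginError((doc.get("errors") or {}).get("reason", "login failed"))

def build_api_request(url, token, method="GET"):
    """Attach the token as X-authSessionId; refuse URLs that carry it in the query."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if any(key.lower() == "authsessionid" for key in query):
        raise ValueError("authSessionId in the URL query is logged on the server")
    return urllib.request.Request(url, headers={"X-authSessionId": token}, method=method)

def login(base_url, username, password, otp=None, timeout=10):
    """Network call: log in and return the session token."""
    request = build_login_request(base_url, username, password, otp)
    with urllib.request.urlopen(request, timeout=timeout) as response:
        return parse_login_response(response.read().decode("utf-8"))

def keep_alive(base_url, token, timeout=10):
    """Network call: refresh the session (the page says every 30 minutes is enough)."""
    url = base_url.rstrip("/") + "/login-logout/session-keep-alive.js"
    with urllib.request.urlopen(build_api_request(url, token), timeout=timeout) as response:
        return response.status == 200
```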
Embedding a login form on your own pages
If you need to embed a login form on your own pages, use this HTML as a reference:
<form action="https://demo.flexibee.eu:5434/login-logout/login.html" method="POST">
Jméno: <input type="text" name="username" value=""/>
<br/>
Heslo: <input type="password" name="password"/>
<br/>
<input type="submit" name="submit" value="Přihlásit"/>
</form>
It is also possible to add the returnUrl parameter to specify the address to which the user should be redirected. If you are using OTP, you must also add the otp parameter. This method cannot be used with SSO (OpenID or SAMLv2).
