1 Reply Latest reply on Jan 15, 2018 10:15 PM by sharmon RSS
    sharmon Creator

    Axeda Scripto - How do I authenticate to Scripto services without passing username and password as query parameters?

    A student in the Axeda Groovy course had some good questions. Instead of answering via email, I thought I'd answer here, so we could share the knowledge.


    Scripto - In order to invoke Custom Objects that are exposed as Scripto services, I need to pass username and password for authentication. How can I achieve this without having to pass them as query parameters in real world cases?


    To call Scripto services in a way that doesn't require you to pass username and password as URL parameters, call the "auth" service, get a token, and then authenticate your calls with that token:




    There are two self-explanatory parameters to that GET request - principal.username and password.


    The return value looks like this:


    <?xml version='1.0' encoding='UTF-8'?> <ns1:WSSessionInfo     xmlns:ns1="http://type.v1.webservices.sl.axeda.com"      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:WSSessionInfo">     <ns1:created>2015-06-25T18:15:29 +0000</ns1:created>     <ns1:expired>false</ns1:expired>     <ns1:sessionId>8b65875f-49ba-41f7-969e-2730de89c781</ns1:sessionId>     <ns1:sessionTimeout>1800</ns1:sessionTimeout> </ns1:WSSessionInfo>  


    The token is contained in the sessionId element. In this example, it's 8b65875f-49ba-41f7-969e-2730de89c781. You'll authenticate your Scripto calls with the sessionId:




    The sample return for the call above (a training exercise) is:


    <message>   <salutation>Hello, Artisan World!</salutation>   <head/> </message>  


    Note that the sessionId has a timeout value of 1800. This means the sesionId will expire in 30 minutes (the timeout is configurable by a Platform Administrator). Therefore, the typical workflow is for an extended application is to:

    • Collect credentials from the user of the application.
    • Use those credentials to get a sessionId from the auth service.
    • Check and renew the sessionId, as necessary.


    For in-depth sample code demonstrating that workflow, please see the Sample Project: Traxeda - Axeda Asset Tracking Application | Axeda Developer Connection.The JavaScript source file axeda.js contains several methods that demonstrate how to obtain, and then manage, a sessionId.