1 Reply Latest reply on Jul 20, 2016 5:13 PM by ckaminski RSS
    sharmon Creator

    Axeda Scripto - How do I authenticate to Scripto services without passing username and password as query parameters?

    A student in the Axeda Groovy course had some good questions. Instead of answering via email, I thought I'd answer here, so we could share the knowledge.

     

    Scripto - In order to invoke Custom Objects that are exposed as Scripto services, I need to pass username and password for authentication. How can I achieve this without having to pass them as query parameters in real world cases?

     

    To call Scripto services in a way that doesn't require you to pass username and password as URL parameters, call the "auth" service, get a token, and then authenticate your calls with that token:

     

    https://training2.axeda.com/services/v1/rest/Auth/login?principal.username=student3&password=GroovyWay678

     

    There are two self-explanatory parameters to that GET request - principal.username and password.

     

    The return value looks like this:

     

    <?xml version='1.0' encoding='UTF-8'?> <ns1:WSSessionInfo     xmlns:ns1="http://type.v1.webservices.sl.axeda.com"      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:WSSessionInfo">     <ns1:created>2015-06-25T18:15:29 +0000</ns1:created>     <ns1:expired>false</ns1:expired>     <ns1:sessionId>8b65875f-49ba-41f7-969e-2730de89c781</ns1:sessionId>     <ns1:sessionTimeout>1800</ns1:sessionTimeout> </ns1:WSSessionInfo>  

     

    The token is contained in the sessionId element. In this example, it's 8b65875f-49ba-41f7-969e-2730de89c781. You'll authenticate your Scripto calls with the sessionId:

     

    https://training2.axeda.com/services/v1/rest/Scripto/execute/HelloWorld?sessionID="8b65875f-49ba-41f7-969e-2730de89c781"

     

    The sample return for the call above (a training exercise) is:

     

    <message>   <salutation>Hello, Artisan World!</salutation>   <head/> </message>  

     

    Note that the sessionId has a timeout value of 1800. This means the sesionId will expire in 30 minutes (the timeout is configurable by a Platform Administrator). Therefore, the typical workflow is for an extended application is to:

    • Collect credentials from the user of the application.
    • Use those credentials to get a sessionId from the auth service.
    • Check and renew the sessionId, as necessary.

     

    For in-depth sample code demonstrating that workflow, please see the Sample Project: Traxeda - Axeda Asset Tracking Application | Axeda Developer Connection.The JavaScript source file axeda.js contains several methods that demonstrate how to obtain, and then manage, a sessionId.