cancel
Showing results for 
Search instead for 
Did you mean: 

REST call logging user out

KeithBenedict
Contributor III

I created a new set of REST endpoints using MVC to perform some of the queries that the Archer REST endpoints aren't capable of doing. For example, I've create a REST endpoint which returns a user's user id by using their email address. 

I am able to hit these newly-created REST endpoints with a custom object, but every time I hit the REST endpoint from an Archer custom object, I get logged out of Archer. The endpoint is installed as a sub-application to the site which contains Archer. Archer is installed on the Default Web Site and my new REST endpoint is installed as an application under the Default Web Site.

Is there some code that I need to add to my REST endpoint to prevent it from logging the user out who uses that endpoint?

3 REPLIES 3

DavidPetty
Archer Employee
Archer Employee

Keith, Archer's APIs are using the user's session token to authenticate via a cookie and I'm assuming that's not being looked at from your sub-application hence the user session token being re-issued.

 Advisory Consultant - Archer, an RSA Business

KeithBenedict
Contributor III

The endpoint I created does not login to Archer. It hits the DB directly. Is there some example code I can look at to see how and what I should do to handle the session token in my endpoint? We use the Data Feed Initiator as well. Ideally I would just add my code to that project, but RSA doesn’t provide the code behind the DFI. Would it be possible to get that code?

Hey Keith,

Better late than never...

If you are getting logged out, that usually means that some process has authenticated with your credentials, overwriting your session.

With regard to dealing with the session token in your MVC handler, you can just validate it through a stored proc call. You don't need it for direct DB access.

Unfortunately, the source code for the DFI is not something we are able to share with the community.