Important Update: Community URLs redirect issues are partially resolved. Learn More. .

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

API user authentication

SergeiBakhaev
Contributor III

‎2017-08-29 05:55 AM

Hello!

I have a simple JavaScript script, that users will use to update records in Archer. I'm planning to insert this script into custom iView.

How I can authenticate users if I have SSO enabled?

For testing purposes I use specially created user. But for production this is a no go because it's password is plaintext in script.

Do you have any ideas on this?

As far as I know, A2A data feeds use web services as well. How data feed authenticates itself?

0 Kudos
6 REPLIES 6

Anonymous
Not applicable

‎2017-08-29 09:15 AM

Sergei,

 

If the script is being put in an iView, then the user who will interact with it is already authenticated to the platform. As such, you can just make the REST API calls and it will automatically use the session token of the logged in user.

0 Kudos

SergeiBakhaev
Contributor III
In response to Anonymous

‎2017-08-29 09:20 AM

Thanks for reply,

 

Yes, user already authenticated. But if I'm not wrong, token cookie should be HTTP only?

How I can get user's token?

0 Kudos

Anonymous
Not applicable
In response to SergeiBakhaev

‎2017-08-29 09:26 AM

Yes, the cookie is httpOnly so it's not accessible via JavaScript. As I said, if you are making REST API calls, you do not need a token to pass with the call. The system does this part for you.

 

If you are making SOAP calls, then you need to pass in a token, which can be scraped out of the DOM as part of the ArcherApp.globals variable.

0 Kudos

SergeiBakhaev
Contributor III
In response to Anonymous

‎2017-08-29 09:51 AM

Yes, unfortunately, I'm using web services.

I've looked into developer tools, and can't find ArcherApp variable.

Is it available in all versions? Currently, I'm using 5.5 version.

0 Kudos

Anonymous
Not applicable
In response to SergeiBakhaev

‎2017-08-29 10:26 AM

That variable was introduced in the 6.x product line, so would not be available to you in 5.x, sorry.

 

Let me think on a way you could get token via JS on 5.5 and I'll get back to you. GhgcdMq8HwHRCWZuqMwEETnAH3l0sBKt8utOGHAgtsY=‌, any thoughts?

0 Kudos

DavidPetty
Archer Employee
Archer Employee
In response to Anonymous

‎2017-08-29 10:44 AM

jHmVuAV1KNWv4sExZDTV0RYs6gnE44nt7BPSRVzixjo=‌ there is no way in 5.5 to get the users session token via client side JavaScript.

 Advisory Consultant