The various Ascribe™ APIs, such as the Ascribe Coder API, share a common authentication operation. You authenticate with the API by a POST to the /Sessions resource. To interact with any of the other resources in the APIs you must include a token returned in the POST response in an HTTP header.
Obtaining an Authentication Token
To obtain an authentication token, POST to the /Sessions resource. The body of the POST request contains the login credentials for an Ascribe user: Account, Username, and Password. The body of the POST request has this form:
{ "account": "MyAscribeAccount", "userName": "apiuser", "password": "--------" }
Here we are authenticating as with the user name apiuser
, on the MyAscribeAccount
. We recommend that you create an Associate in Ascribe exclusively for the API. This is because the time accounting features of Ascribe will attribute activity initiated via the API to this user. This makes interpretation of the time accounting reports easier.
The POST response has this form:
{ "authenticationToken": "0e2338c4-adb4-474a-a26a-b9dbe1b32ac8", "bearerToken": "bearer eyJhbGciOiJSUzI1NiIsInR5cC ... WiiVzXPhdgSWNvH1hNOIirNmg" }
The value of the bearerToken
property is actually much longer than shown here. You can use either of these tokens (but not both) in subsequent operations with the API.
Differences between the Token Types
The authenticationToken
returned by the /Sessions resource expires after 30 minutes of inactivity with the API. In other words, you must perform an operation with the API at least once every 30 minutes. After that you must obtain another token from the /Sessions resource. The token will remain valid indefinitely if you do make a request at least once every 30 minutes.
The bearerToken
does not expire. Once you have obtained a bearerToken
it will remain valid until the login credentials of the user are changed.
Using Authentication Tokens
To use the authenticationToken
returned by the /Sessions resource, include it in an HTTP header. The key of the header is authentication
, and the value is the authenticationToken
. The raw HTTP request looks like this:
GET /coder/studies accept: application/json, text/json, application/xml, text/xml authentication: 207e5be1-c3fa-4ff6-bbc7-475a367ec095 cache-control: no-cache host: webservices.languagelogic.net accept-encoding: gzip, deflate
To use the bearerToken
, use an HTTP header whose key is “authorization” and value the bearerToken
. The raw HTTP request looks like this:
GET /coder/Studies accept: application/json, text/json, application/xml, text/xml authorization: Bearer eyJhbGciOiJSUzI1NiI ... lJqc7nPxcFdU3s90BkOPlPF6wTxkzA cache-control: no-cache host: webservices.languagelogic.net accept-encoding: gzip, deflate
Summary
The Ascribe APIs require the remote client to authenticate. The remote client authenticates by providing user credentials, and uses one of the two tokens returned in subsequent operations with the API.
See the Ascribe Coder API documentation, and the Ascribe CX Inspector API documentation for more information.