The same list of users that can log in to CData Sync directly is used to manage Sync API access. Each user created within the Application can be granted an Auth Token that is used to authenticate to the Sync API. The list of authorized Users and associated Auth Tokens are found in the Settings page of the administration console under the Users tab.
Auth Tokens can be used within API requests in several ways:
- Include an x-cdata-authtoken header in the HTTP request with the value set to an appropriate User’s Auth Token.
- Treat the User and Auth Token as a username/password combination for HTTP Basic Authentication.
- Include the Auth Token in the request URL as a query parameter.
To include the Auth Token in the request URL, the AllowAuthTokenInURL setting must be enabled. This option is below the table of Trusted IP Addesses in the Admin API tab. Once this is enabled, the syntax of the Auth Token query parameter is as follows: ‘@authtoken=myAuthTokenValue’.