API Users are authorized via Auth Tokens that are generated within the application. The list of authorized Users and associated Auth Tokens are found in the Profile page of the administration console under the Security tab.
To generate a new User/Token combination, click the +Add button and specify which HTTP methods (GET, POST, PUT/MERGE/PATCH, DELETE) are allowed for this user.
Auth Tokens can be used within API requests in several ways:
- Include a x-arcesb-authtoken header in the HTTP request with the value set to an appropriate User’s Auth Token
- Treat the User and Auth Token as a username/password combination for HTTP Basic Authentication
- Include the Auth Token in the request URL as a query parameter
To include the Auth Token in the request URL, the AllowAuthTokenInURL setting must be enabled. This option is below the table of authenticated API users in the Security tab. Once this is enabled, the syntax of the Auth Token query parameter is as follows: ‘@authtoken=myAuthTokenValue’