Generating Tokens

After configuring the encryption settings on the Project API Settings page, the Security and User Tokens may be generated for inclusion in requests. Here is a brief overview:

The tokens are first constructed in plaintext using either XML, JSON, or a form-url string.

Sample Plaintext XML Security Token:

<SecurityToken>
    <Context>MySecurityContext</Context>
    <AppId>MyAppId</AppId>
    <AppKey>MyAppKey</AppKey>
    <GenDT>2023-03-08T14:15:53-08:00</GenDT>
</SecurityToken>

Sample Plaintext XML User Token:

<UserToken>
    <UserName>admin</UserName>
    <Display>John Doe</Display>
</UserToken>

The plaintext tokens must then be encrypted and Base64 encoded in accordance with the standards chosen on the Project API Settings page.

Sample Security Token Encrypted and Base64 encoded:

"C15OEgi932oPFmjdi6LH9w94vBOqvrdua4vKA+aAnoHe3E+0s06jIYs/Q5LxY2nC17qcpyCUZtbSJRf/PDx7AeScDnzuyUJDynvlwUJF8ebdHBFUvNWTFw4Oad8gbrmG4tC72zcj9BlBYpJv0DW5PXr4g/hnlEDg8Q8Wh6E1oO/6jLF8Y4FQRUej/LzYzNUnMZ5SLahHV54PdMtjU5VHfsvNuwRrCITJF9gmXmQtFD44wtvbYjAT0GhbXTwHp0XQ"

Sample User Token Encrypted and Base64 encoded:

"MkclD3MPKt5gQBcRDoqek5neDQjto+rXc7cneMpPoQV+JqL52gJt4K2e3vOmjf6RCBRrQUjYh4fdzD2qT6iYIrXrEX6OblTTmoxfhpvehOQU6NvEpzOPgkfUl8fMU3TV"

Finally, the tokens must be URL encoded for use in API request URLs.

URL Encoded Security Token Passed to the XST parameter:

"C15OEgi932oPFmjdi6LH9w94vBOqvrdua4vKA%2BaAnoHe3E%2B0s06jIYs%2FQ5LxY2nC17qcpyCUZtbSJRf%2FPDx7AeScDnzuyUJDynvlwUJF8ebdHBFUvNWTFw4Oad8gbrmG4tC72zcj9BlBYpJv0DW5PXr4g%2FhnlEDg8Q8Wh6E1oO%2F6jLF8Y4FQRUej%2FLzYzNUnMZ5SLahHV54PdMtjU5VHfsvNuwRrCITJF9gmXmQtFD44wtvbYjAT0GhbXTwHp0XQ"

URL Encoded User Token Passed to the XUT parameter:

"MkclD3MPKt5gQBcRDoqek5neDQjto%2BrXc7cneMpPoQV%2BJqL52gJt4K2e3vOmjf6RCBRrQUjYh4fdzD2qT6iYIrXrEX6OblTTmoxfhpvehOQU6NvEpzOPgkfUl8fMU3TV"

For more information please see S4. Security Token Authentication and S3. User Token Credential Passing