cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Showing results for 
Search instead for 
Did you mean: 

Axeda Scripto - How do I authenticate to Scripto services without passing username and password as query parameters?

Highlighted
Bedrock

Axeda Scripto - How do I authenticate to Scripto services without passing username and password as query parameters?

A student in the Axeda Groovy course had some good questions. Instead of answering via email, I thought I'd answer here, so we could share the knowledge.

Scripto - In order to invoke Custom Objects that are exposed as Scripto services, I need to pass username and password for authentication. How can I achieve this without having to pass them as query parameters in real world cases?

To call Scripto services in a way that doesn't require you to pass username and password as URL parameters, call the "auth" service, get a token, and then authenticate your calls with that token:

https://training2.axeda.com/services/v1/rest/Auth/login?principal.username=student3&password=GroovyW...

There are two self-explanatory parameters to that GET request - principal.username and password.

The return value looks like this:

<?xml version='1.0' encoding='UTF-8'?> <ns1:WSSessionInfo     xmlns:ns1="http://type.v1.webservices.sl.axeda.com"      xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns1:WSSessionInfo">     <ns1:created>2015-06-25T18:15:29 +0000</ns1:created>     <ns1:expired>false</ns1:expired>     <ns1:sessionId>8b65875f-49ba-41f7-969e-2730de89c781</ns1:sessionId>     <ns1:sessionTimeout>1800</ns1:sessionTimeout> </ns1:WSSessionInfo>  

The token is contained in the sessionId element. In this example, it's 8b65875f-49ba-41f7-969e-2730de89c781. You'll authenticate your Scripto calls with the sessionId:

https://training2.axeda.com/services/v1/rest/Scripto/execute/HelloWorld?sessionID="8b65875f-49ba-41f...

The sample return for the call above (a training exercise) is:

<message>   <salutation>Hello, Artisan World!</salutation>   <head/> </message>  

Note that the sessionId has a timeout value of 1800. This means the sesionId will expire in 30 minutes (the timeout is configurable by a Platform Administrator). Therefore, the typical workflow is for an extended application is to:

  • Collect credentials from the user of the application.
  • Use those credentials to get a sessionId from the auth service.
  • Check and renew the sessionId, as necessary.

For in-depth sample code demonstrating that workflow, please see the Sample Project: Traxeda - Axeda Asset Tracking Application | Axeda Developer Connection.The JavaScript source file axeda.js contains several methods that demonstrate how to obtain, and then manage, a sessionId.

1 REPLY 1
Highlighted

Re: Axeda Scripto - How do I authenticate to Scripto services without passing username and password as query parameters?

Please see solution #CS232534, Authentication when using the Axeda Platform REST API​ for detailed examples of how to do authentication.

Announcements

Thingworx Navigate content has a new home! Click here to access the new Thingworx Navigate forum!