The Client Authentication REST API lives at /api/v1/client/login/.
The Authentication endpoint is to authenticate a user to the Infiniti REST Application Programming Interface. In other words, it is used to determine a user's identity and what permissions a user has for a set of Infiniti protected resources. No other method can be called to make requests to Infiniti protected resources without a successfully requesting and obtaining a Bearer Token (Session Token) via this endpoint.
There are several options for authenticating with the Infiniti REST API, the appropriate one depends on how your Infiniti environment is configured. Namely there are the following approaches
- Forms Authentication.
- Windows Authentication.
- SAML Authentication.
- Cookie Authentication.
Regardless of the authentication type chosen, the response will contain am authorizationToken that can be added to the Authorization Header of subsequent request.
{
"AuthorizationToken": "1acc7228-f289-4e47-8aeb-b6a09f03c6cf",
"UserGuid": "cfaacf2c-a6c1-41e6-b6e0-3646da572904",
"UserName": "admin",
"ProduceVersion": "1.0.0.0"
}
Authorization: Bearer <Token>
Authorization Tokens Notes:
- Have an expiry of one year
- Can be used interchangeably between Client and Admin APIs
- User Authorization/Roles are checked each time the token is used.