User Authentication

With each API call you need to supply access token as part of the URI. This topic explains how to generate an OAuth 1.0 HMAC-SHA1 access token for a HTTP request. This token will be suitable for passing to the REST API as part of an authorized request. To get the access token in first place call following API method:

HTTP GET http://api.geoview.be/geoservice/v1/users/login

In addition to the login verb, following oauth_* parameters need to be included in the signature request:

Parameter	Value	Description
oauth_version	1.0	Should always be 1.0 for any authorization request sent to the REST API.
oauth_nonce	7152907	A unique token your application should generate for each unique request. REST API will use this value to determine whether a request has been submitted multiple times. The value for this request was generated by base64 encoding 8 bytes of random data, and stripping out all non-word characters, but any approach which produces a relatively random alphanumeric string should be OK here.
oauth_timestamp	1419247657	Indicates when the request was created. This value should be the number of seconds since the Unix epoch at the point the request is generated, and should be easily generated in most programming languages. REST API will reject requests which were created too far in the past, so it is important to keep the clock of the computer generating requests in sync with NTP.
oauth_signature_method	HMAC-SHA1	Should always be HMAC-SHA1 for any authorization request sent to the REST API.
oauth_consumer_key	Demo	Case-sensitive OAuth consumer key.
oauth_signature	3s4eUHv5iuyQtdg7LyMtwFVQ1do=	Encrypted signature value based on OAuth consumer secret.
client	2	Type of client application making this REST API call. See property constraints for more info. If omitted, "Unknown" client application is assumed.

When generating OAuth signature on client side using any 3rd party OAuth 1.0 library, you need to supply following values to the signature generator method:

Consumer key - user name (case-sensitive)
Consumer secret - user password (case-sensitive)

The final access token request URI may look like following:

HTTP GET http://api.geoview.be/geoservice/v1/users/login?oauth_version=1.0&oauth_nonce=7152907&oauth_timestamp=1419247657&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=demo&oauth_signature=3s4eUHv5iuyQtdg7LyMtwFVQ1do=&client=2

If user gets successfully authenticated, following JSON structure is being returned to the caller:

Field	Value	Description
token	8c9685a1-a1e2-4e4d-b147-3aabe44543a4	Access token you need to supply with each REST API call.
uid	382be5e5-b538-4093-a825-522467ddb540	Authenticated user's unique identifier.
firstname	Demo	Authenticated user's first name.
lastname	Demo	Authenticated user's last name.
company	Demo Company	Authenticated user's company name.
email	demo@company.com	Authenticated user's e-mail address.
permissions	1	User credentials bit-flag value (1=Read, 2=Write, 4=Administrator).
srs	31370	User spatial reference system ID (returned by this API method).
locale	en-us	User language locale (LCID string).
map		User default map definition.

After you're done with REST API, don't forget to log-out from GeoView Server server:

HTTP GET http://api.geoview.be/geoservice/v1/users/logout?token=<token>