User Authentication

Arkance Systems Benelux

With each API call you need to supply access token as part of the URI. This topic explains how to generate an OAuth 1.0 HMAC-SHA1 access token for a HTTP request. This token will be suitable for passing to the REST API as part of an authorized request. To get the access token in first place call following API method:


HTTP GET http://api.geoview.be/geoservice/v1/users/login


In addition to the login verb, following oauth_* parameters need to be included in the signature request:


Parameter

Value

Description

oauth_version

1.0

Should always be 1.0 for any authorization request sent to the REST API.

oauth_nonce

7152907

A unique token your application should generate for each unique request. REST API will use this value to determine whether a request has been submitted multiple times. The value for this request was generated by base64 encoding 8 bytes of random data, and stripping out all non-word characters, but any approach which produces a relatively random alphanumeric string should be OK here.

oauth_timestamp

1419247657

Indicates when the request was created. This value should be the number of seconds since the Unix epoch at the point the request is generated, and should be easily generated in most programming languages. REST API will reject requests which were created too far in the past, so it is important to keep the clock of the computer generating requests in sync with NTP.

oauth_signature_method

HMAC-SHA1

Should always be HMAC-SHA1 for any authorization request sent to the REST API.

oauth_consumer_key

Demo

Case-sensitive OAuth consumer key.

oauth_signature

3s4eUHv5iuyQtdg7LyMtwFVQ1do=

Encrypted signature value based on OAuth consumer secret.

client

2

Type of client application making this REST API call. See property constraints for more info. If omitted, "Unknown" client application is assumed.


When generating OAuth signature on client side using any 3rd party OAuth 1.0 library, you need to supply following values to the signature generator method:



The final access token request URI may look like following:


HTTP GET http://api.geoview.be/geoservice/v1/users/login?oauth_version=1.0&oauth_nonce=7152907&oauth_timestamp=1419247657&oauth_signature_method=HMAC-SHA1&oauth_consumer_key=demo&oauth_signature=3s4eUHv5iuyQtdg7LyMtwFVQ1do=&client=2


If user gets successfully authenticated, following JSON structure is being returned to the caller:


Field

Value

Description

token

8c9685a1-a1e2-4e4d-b147-3aabe44543a4

Access token you need to supply with each REST API call.

uid

382be5e5-b538-4093-a825-522467ddb540

Authenticated user's unique identifier.

firstname

Demo

Authenticated user's first name.

lastname

Demo

Authenticated user's last name.

company

Demo Company

Authenticated user's company name.

email

demo@company.com

Authenticated user's e-mail address.

permissions

1

User credentials bit-flag value (1=Read, 2=Write, 4=Administrator).

srs

31370

User spatial reference system ID (returned by this API method).

locale

en-us

User language locale (LCID string).

map


User default map definition.

 

After you're done with REST API, don't forget to log-out from GeoView Server server:


HTTP GET http://api.geoview.be/geoservice/v1/users/logout?token=<token>