Client Authentication

Most services at Authentise require client authentication as part of each API call. There are generally two ways of doing so:

1. via an API token
2. via a user session

Users will want to have an account created for them by a Bureau admin, so they can share or view files made by colleagues.

Creating a User (Production)

To create a user with a proper relationship to a Bureau, you will need an Admin member of that Bureau to create the user for you. After your user is created, you will receive an e-mail containing a link to set your password and log in for the first time. For testing customers or engineers, this is usually done via a Customer Support ticket.

Creating a Session

Rather than constantly sending a plain-text password over the network, we can create a session and use that session as our ‘key’ to the API. Using an example user ‘EliRibble’ with password ‘my-secret’, an engineer can create a new session with Authentise via:

POST https://users.authentise.com/sessions/
Content-Type: application/json

{
    "username": "EliRibble",
    "password": "my-secret"
}

This will return an HTTP status code 201 on success and provide a cookie called session. The cookie will have the domain set to anything within the authentise.com domain so that the session is included with requests to any of the other services.

You can now include this cookie in any of the requests you make to Authentise’s services as part of the header. If you fail to do so, or you provide an expired cookie, you’ll receive a 401 response code indicating your request was unauthorized.

If you make too many requests using a given session, you may also receive a 429 status code, which indicates you’ve hit our rate limiting and need to stop sending so many requests.
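The session flow above as a small client. This is an added example, not Authentise's own code. It logs in once, sends only the session cookie afterwards, creates a new session a single time on a 401, and backs off on a 429. The names SessionClient and urllib_send, the injectable send and sleep parameters, the doubling backoff schedule and the check that the request URL is HTTPS under authentise.com are assumptions of this example.

```python
import json, time, urllib.error, urllib.request
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

SESSIONS_URL = "https://users.authentise.com/sessions/"  # endpoint from the page

def urllib_send(method, url, headers, body=None):
    """Real transport: (status, Set-Cookie values, body); 4xx/5xx are not raised."""
    req = urllib.request.Request(url, data=body, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return resp.status, resp.headers.get_all("Set-Cookie") or [], resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get_all("Set-Cookie") or [], err.read()

class SessionClient:
    def __init__(self, username, password, send=urllib_send, sleep=time.sleep):
        self._creds = {"username": username, "password": password}
        self._send, self._sleep, self._cookie = send, sleep, None

    def login(self):
        """POST the credentials once and keep only the 'session' cookie value."""
        body = json.dumps(self._creds).encode()
        status, cookies, _ = self._send(
            "POST", SESSIONS_URL, {"Content-Type": "application/json"}, body)
        jar = SimpleCookie()
        for line in cookies:
            jar.load(line)
        if status != 201 or "session" not in jar:
            raise PermissionError(f"session creation failed (HTTP {status})")
        self._cookie = jar["session"].value

    def request(self, method, url, body=None, max_tries=4):
        parts = urlsplit(url)  # assumed guard: cookie goes only to HTTPS authentise.com hosts
        if parts.scheme != "https" or not (parts.hostname or "").endswith(".authentise.com"):
            raise ValueError("session cookie is only sent to authentise.com over HTTPS")
        relogged = False
        for attempt in range(max_tries):
            if self._cookie is None:
                self.login()
            status, _, data = self._send(
                method, url, {"Cookie": f"session={self._cookie}"}, body)
            if status == 401 and not relogged:
                self._cookie, relogged = None, True  # expired session: re-auth once
            elif status == 429:
                self._sleep(2 ** attempt)  # assumed schedule: 1s, 2s, 4s, ...
            else:
                return status, data
        raise RuntimeError(f"gave up after {max_tries} attempts")
```

A second 401 straight after re-authenticating is returned to the caller rather than retried, so a revoked account does not loop on the login endpoint.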