
Description

The DeleteToken API allows users to delete their own Tokens, or Account Owners to delete users' Tokens, which essentially logs a user out of a token-based authentication session. If a Token cookie was sent in the request, this API also attempts to delete the Token cookie from the user's browser by setting the cookie expiry in the response.

In apstrata, all requests must be authenticated. There are three methods for authenticating apstrata requests:

1. Default signature: This is the most secure method of authentication because it requires hashing all content of a request along with the secret of the account or the password of the user and then sending the hash. (read more)

2. Simple signature: This is the easiest method of authentication. It requires hashing a few select parameters along with the secret of the account or the password of the user and then sending the hash. It is recommended for testing and for applications that do not have access to all parameters, like files, in a request. (read more)

3. Token-based authentication: This is the recommended method of authentication for applications that make most requests with apstrata users, as opposed to owners, for use with SSL encrypted connections over HTTP POST. It provides a similar experience to sessions since a Token is generated and renewed over a period of time, without the need to generate a signature for every request. (read more)

A Token can be used to authenticate a user in place of a signature. This allows the creation of applications that do not need access to the user's password, which is required for signature generation. Tokens provide a layer of simplicity, but must obey the following restrictions:

1. Token-based authentication is enabled for user requests only. Owner requests must use signatures.

2. Token-based authentication is enabled under secure (https) connections only.

Tokens can be created or renewed using VerifyCredentials and can then be passed as a parameter to requests instead of the signature.

When no longer needed, Tokens can be deleted and cleared using DeleteToken.

Specific Request Parameters

(Refer to Common Request Parameters)

Unlike other APIs, the "apsdb.authToken" and "apsws.user" parameters are not just used to authenticate the request but also to specify which token for which user to delete. Although these parameters are not mentioned below, they are required for a user to delete their own token.

| Name | Description | Required | Default | Possible Values |
|---|---|---|---|---|
| userList | This parameter has to be sent by the account owner to specify the list of user logins whose tokens are to be deleted. When sending this parameter, "apsdb.authToken" and "apsws.user" parameters shouldn't be sent. | No | | [The list of user logins whose tokens are to be deleted.] |

Specific Response Elements

(Refer to Common Response Elements)

Specific Logical Errors

(Refer to Common Logical Error Codes)

| Error | Message | Status Code |
|---|---|---|
| INVALID_PARAMETER | The parameter [paramName] is not allowed in DeleteToken | 400 |
| MALFORMED_REFERER | Invalid originating referrer from the Referer header [RefererHeaderString] | 400 |
| INVALID_TOKEN | Could not find the token [token] | 400 |
| INTERNAL_ERROR | Failed to update user [username] | 500 |
| USERLIST_REQUIRED | The parameter userList is required | 400 |
| USER_TOKEN_REQUIRED | The parameter apsdb.authToken is required | 400 |
| INVALID_USERLIST | The parameter userList should not contain more than 100 users | 400 |

Examples

Sample Request

Request URL: http://sandbox.apstrata.com/apsdb/rest/[AuthenticationKey]/DeleteToken?apsws.time=[timestamp]&apsws.authSig=[signature]


POST parameters:

userList=john
userList=domingo@dodge.com
userList=hybiscus@flowers.com


Sample Response

Success XML:

<response xmlns="http://www.apstrata.com/services/schemas/apstrata_database_response.xsd">
    <metadata>
        <requestId>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</requestId>
        <status>success</status>
    </metadata>
</response>


Failure XML:

<response xmlns="http://www.apstrata.com/services/schemas/apstrata_database_response.xsd">
    <metadata>
        <requestId>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</requestId>
        <status>failure</status>
        <errorCode>[errorCode]</errorCode>
        <errorDetail>[failMsg]</errorDetail>
    </metadata>
</response>


Sample JSON Response

{"response": {
    "metadata": {
        "requestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "status": "success"
    }
}}
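The parameter rules and XML response format documented above, written out as an added example (not apstrata's own client code): it builds a DeleteToken POST for either the owner or the user case and rejects combinations the API would refuse. The helper names `build_delete_token_request` and `parse_response` are hypothetical, the timestamp and signature are taken as precomputed inputs, and sending the token parameters in the POST body is an assumption.

```python
from urllib.parse import urlencode
import xml.etree.ElementTree as ET

NS = {"a": "http://www.apstrata.com/services/schemas/apstrata_database_response.xsd"}
MAX_USERS = 100  # limit behind the INVALID_USERLIST error

def build_delete_token_request(base_url, auth_key, *, user=None, token=None,
                               user_list=None, timestamp=None, sig=None):
    """Return (url, form_body) for a DeleteToken POST, enforcing the documented rules."""
    url = f"{base_url.rstrip('/')}/{auth_key}/DeleteToken"
    if user_list is not None:
        # Owner request: authenticated by signature, carries userList only.
        if user is not None or token is not None:
            raise ValueError("userList must not be sent with apsdb.authToken/apsws.user")
        if not user_list:
            raise ValueError("userList is required")
        if len(user_list) > MAX_USERS:
            raise ValueError("userList should not contain more than 100 users")
        if timestamp is None or sig is None:
            raise ValueError("owner requests must use signatures")
        query = urlencode({"apsws.time": timestamp, "apsws.authSig": sig})
        body = urlencode([("userList", u) for u in user_list])  # repeated parameter
        return f"{url}?{query}", body
    # User request: the token both authenticates and names what to delete.
    if not token or not user:
        raise ValueError("apsdb.authToken and apsws.user are both required")
    if not base_url.lower().startswith("https://"):
        raise ValueError("token-based authentication requires https")
    return url, urlencode({"apsdb.authToken": token, "apsws.user": user})

def parse_response(xml_text):
    """Return (status, errorCode, errorDetail) from a DeleteToken XML response."""
    meta = ET.fromstring(xml_text).find("a:metadata", NS)
    if meta is None:
        raise ValueError("response has no metadata element")
    return tuple(meta.findtext(f"a:{tag}", default=None, namespaces=NS)
                 for tag in ("status", "errorCode", "errorDetail"))

if __name__ == "__main__":
    # Constructed sample values; the host below is a placeholder, not a real endpoint.
    print(build_delete_token_request("https://api.example.invalid/apsdb/rest", "KEY",
                                     user="john", token="constructed-token"))
    failure = ('<response xmlns="%s"><metadata><requestId>x</requestId>'
               '<status>failure</status><errorCode>INVALID_TOKEN</errorCode>'
               '<errorDetail>Could not find the token [token]</errorDetail>'
               '</metadata></response>' % NS["a"])
    print(parse_response(failure))
```

Checking the rules client-side keeps a token from ever being sent over a plain-http URL, where the server would reject the request only after the token had already crossed the wire.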

 

 
