Description

The DeleteToken API allows users and devices to delete their own Tokens or Account Owners to delete devices and users' Tokens, essentially logging a user or a device out of a token-based authentication session. If a Token cookie was sent in the request, this API also attempts to delete the Token cookie from the user's browser by setting the cookie expiry in the response.

What is a Token?

In Apstrata, all requests must be authenticated. There are four methods for authenticating Apstrata requests:

Default Signature: This is the most secure method of authentication because it requires hashing all content of a request along with the secret of the account or the password of the user or the device and then sending the hash. (read more)
Simple Signature: This is the easiest method of authentication. It requires hashing a few select parameters along with the secret of the account or the password of the user or the device and then sending the hash. It is recommended for testing and for applications that do not have access to all parameters, e.g., files, in a request. (read more)
Token-Based Authentication: This is the recommended method of authentication for applications that make most requests with Apstrata users and devices, as opposed to owners, for use with SSL encrypted connections over HTTP POST. It provides a similar experience to sessions since a Token is generated and renewed over a period of time, without the need to generate a signature for every request. (read more)
Bearer Token Authentication: This authentication allows the users and devices to issue a request using a bearer token in the header. In order to issue a request with a token bearer header, you first need to generate a token for a user or a device. Users and devices make authenticated requests with a bearer token using the Authorization request header field. (read more)

A Token can be used to authenticate a user or a device in place of a signature. This allows the creation of applications that do not need access to the passwords of the users and devices which are required for signature generation. Tokens provide a layer of simplicity, but must obey the following restrictions:

Token-based authentication is enabled for user and device requests only. Owner requests must use signatures.
Token-based authentication is enabled under secure (https) connections only.

A Token can be created or renewed using GenerateToken, RenewToken and VerifyCredentials APIs. It can then be passed as a parameter to requests instead of the signature.

When no longer needed, Token can be deleted and cleared using DeleteToken.

Specific Request Parameters

(Refer to Common Request Parameters)

Unlike other APIs, the "apsdb.authToken" and "apsws.id" parameters are not just used to authenticate the request but also to specify which user or device token to delete. Although these parameters are not mentioned below, they are required for a user or a device to delete their own token.

Name

Description

Required

Default

Possible Values

idList

This parameter has to be sent by the account owner to specify the list of users and/or devices identifiers whose tokens are to be deleted. When sending this parameter, "apsdb.authToken" and "apsws.id" parameters should not be sent.

Note: The owner can delete up to 100 device or user in the same request.

No

Comma separated list of device's or user's ids

Specific Logical Errors

(Refer to Common Logical Error Codes)

Error	Message	Status Code
DUPLICATE_PARAMETER_VALUE	Duplicate value not allowed for parameter "apsdb.authToken"	400
INVALID_PARAMETER	The parameter [paramName] is not allowed in DeleteToken The parameter [idList] is not allowed for user or device requests. The parameter list [idList,userList] is not allowed for user or device requests.	400
INVALID_TOKEN	Could not find the token [token]	400
INTERNAL_ERROR		500
IDENTIFIERLIST_REQUIRED	The parameter idList is required
IDENTIFIER_TOKEN_REQUIRED	The parameter apsdb.authToken is required.	400
INVALID_IDENTIFIERLIST	The parameter idList should not contain more than 100 identifiers.	400
INVALID_SIGNATURE		400
INVALID_REQUEST	DeleteToken is not allowed over non-secure connections.	400
MALFORMED_REFERER	Invalid originating referrer from the Referer header [RefererHeaderString]	400

Examples

Sample Request

Request URL: http://sandbox.apstrata.com/apsdb/rest/[AuthenticationKey]/DeleteToken?apsws.time=[timestamp]&apsws.authSig=[signature]

POST parameters:

idList=lila
idList=domingo@dodge.com
idList=hybiscus@flowers.com

Sample Response

Success XML:

<response xmlns="http://www.apstrata.com/services/schemas/apstrata_database_response.xsd">
    <metadata>
        <requestId>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</requestId>
        <status>success</status>
    </metadata>
</response>

Failure XML:

<response xmlns="http://www.apstrata.com/services/schemas/apstrata_database_response.xsd">
    <metadata>
        <requestId>xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx</requestId>
        <status>failure</status>
        <errorCode>[errorCode]</errorCode>
        <errorDetail>[failMsg]</errorDetail>
    </metadata>
</response>

Sample JSON Response

{"response": {
    "metadata": {
        "requestId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
        "status": "success"
    }
}}

Child pages

DeleteToken

Description

Specific Request Parameters

Specific Logical Errors

Examples