The Token-Based AuthenticationA Token can be used to authenticate a user or a device in place of a signature. This allows the creation of applications that do not need access to the passwords of the users and devices which are required for signature generation. Tokens provide a layer of simplicity, but must obey the following restrictions:
- Token-based authentication is enabled for user and device requests only. Owner requests must use signatures.
- Token-based authentication is enabled under secure (https) connections only.
When no longer needed, Token can be deleted and cleared using DeleteToken.
In order to use a token-based authentication, requests should specify the authentication mode by setting the value of the parameter “apsws.authMode” to “token”. In addition, the token should be passed with the parameter "apsdb.authToken", and the user with the parameter "apsws.id".