Authentication and authorization
Use this page to understand how Administration API authentication works before you call protected endpoints. For complete operation details, see the Administration API reference.
Authentication
The Administration API uses the following security scheme:
| Field | Value |
|---|---|
| Security scheme type | apiKey |
| Header parameter name | Authorization |
The raw HTTP examples in REST examples show the Authorization header both with and without the Bearer prefix.
The authentication API authenticates your Admin API application to Identity as a Service. You must make this call before making any other Admin API calls. The call generates an authentication token value that must be included in all other Admin API requests.
The Admin API authentication response includes the token's expiration time. For instance:
```json
{
  "authToken": "<authentication token value>",
  "expirationTime": "2020-01-23T16:30:58Z",
  "creationTime": "2020-01-23T16:15:58Z"
}
```
If you use this authentication token to make requests after it expires, the service will return an UNAUTHORIZED response code (401) and you will need to reauthenticate to obtain a new token.
Some workarounds to prevent this are:
- Always reauthenticate before making a request; or
- Track the expiration time and reauthenticate when you detect that it has expired; or
- Send an OPTIONS request to the same endpoint to detect whether the token has expired. This can be useful with endpoints receiving a large payload such as images where the token can expire before the request has completed. In these cases the request may fail with a 500 error.
When an Admin API application authenticates, it can enable a web session for additional security. To do so, set the enableWebSession argument passed to the authentication controller to true. When a web session is enabled, an HTTP session cookie named INTELLITRUST_SESSION_ID is returned with the authentication results. This cookie must be included with all subsequent Admin API calls along with the authentication token.
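The expiration-tracking workaround and the web session cookie handling described above can be combined in one small client-side cache. This is an added example, not Entrust SDK code: the `authenticate` callable, the class name, and the 30-second renewal margin are assumptions, and the sample responses are constructed. The margin goes slightly beyond the text by renewing just before `expirationTime`, so a request is not sent with a token that expires in flight.

```python
from datetime import datetime, timedelta, timezone

class AdminTokenCache:
    """Reuses the Admin API token and reauthenticates shortly before it expires."""

    def __init__(self, authenticate, now, skew_seconds=30):
        # authenticate (hypothetical): performs the authentication call and
        # returns (response_body_dict, session_cookie_value_or_None).
        self._authenticate, self._now = authenticate, now
        self._skew = timedelta(seconds=skew_seconds)
        self._token = self._cookie = self._expires = None

    @staticmethod
    def parse_time(value):
        # Timestamps in the response are UTC, e.g. "2020-01-23T16:30:58Z".
        parsed = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")
        return parsed.replace(tzinfo=timezone.utc)

    def headers(self):
        """Headers for the next Admin API request, renewing the token if needed."""
        if self._token is None or self._now() >= self._expires - self._skew:
            body, self._cookie = self._authenticate()
            self._token = body["authToken"]
            self._expires = self.parse_time(body["expirationTime"])
        headers = {"Authorization": self._token}  # page shows it with or without "Bearer"
        if self._cookie:  # only present when enableWebSession was true
            headers["Cookie"] = "INTELLITRUST_SESSION_ID=" + self._cookie
        return headers

    def invalidate(self):
        """Call after a 401 response so the next request reauthenticates."""
        self._token = None

def demo():
    # Constructed clock and authentication responses; no network access.
    clock = {"t": datetime(2020, 1, 23, 16, 15, 58, tzinfo=timezone.utc)}
    calls = []
    def fake_authenticate():
        calls.append(clock["t"])
        expires = (clock["t"] + timedelta(minutes=15)).strftime("%Y-%m-%dT%H:%M:%SZ")
        return {"authToken": "token-%d" % len(calls), "expirationTime": expires}, "sess-%d" % len(calls)
    cache = AdminTokenCache(fake_authenticate, now=lambda: clock["t"])
    first = cache.headers()
    clock["t"] += timedelta(minutes=10)
    second = cache.headers()               # still valid: no new authentication call
    clock["t"] += timedelta(minutes=4, seconds=45)
    third = cache.headers()                # inside the 30 s margin: reauthenticates
    return first, second, third, len(calls)
```

Keep the token and session cookie in memory only and out of logs; both are bearer credentials for the Admin API until they expire.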
Contact
For help with Entrust Identity as a Service Administration API integrations, contact support@entrust.com or visit https://www.entrust.com/.
Next steps
- Review Administration API categories to decide which areas of the API you need.
- Use REST examples for raw HTTP request and response examples.
- Use SDK examples if you prefer client libraries.