Key Manager Authenticate

Authenticates the API caller on the key manager using a JWT.

Authenticate with public key

post

Based on an authentication request token signed by the caller's RSA private key, authenticate the API caller and return a session token.

A HTTP 401 Unauthorized error is returned on errors during authentication (e.g. invalid user, malformed authentication token, user's public key not imported in the pod, invalid token signature etc.).

Body

tokenstringoptional

a JWT containing the caller's username or application appGroupId and an expiration date, signed by the caller's private key.

Responses

application/json

cURL

JavaScript

Python

HTTP

curl -L \
  --request POST \
  --url 'http://yourkeymanagerURL.symphony.com/relay/pubkey/authenticate' \
  --header 'Content-Type: application/json' \
  --data '{
    "token": "text"
  }'

200

401

403

500

{
  "name": "text",
  "token": "text",
  "authorizationToken": "text"
}

OK.

To know more about RSA authentication process, refer to RSA Bot Authentication Workflow.

For more information on creating and using an RSA key manager token, refer to RSA Bot Authentication Workflow.

❗️ Key Manager Token Management
The token you receive is valid for the lifetime of a session that is defined by your pod's administration team. This ranges from 1 hour to 2 weeks.
You should keep using the same token until you receive a HTTP 401, at which you should re-authenticate and get a new token for a new session.
Datafeeds survive session expiration, you do not need to re-create your datafeed if your session expires.

🚧 Important
The following restrictions apply:
The JWT must have an expiration date between the current time and five minutes from the current time.
The JWT must be signed by a private key matching the public key saved for its subject ("sub").
For more information on creating and using an RSA session token, refer to RSA Bot Authentication Workflow.

Last updated 11 months ago

Was this helpful?