Authentication ensures that API callers in your solutions are authorized to access Symphony resources.
When an API caller starts, it performs both session authentication and key manager authentication to obtain session tokens. These two tokens, which the bot treats as opaque data, are presented in custom headers with each subsequent REST API request.
Perform this process using the RSA public/private key pair workflow.
Session Token Management
The token you receive is valid for the lifetime of a session that is defined by your pod's administration team. This ranges from 1 hour to 2 weeks.
You should keep using the same token until you receive a HTTP 401, at which you should re-authenticate and get a new token for a new session.
Datafeeds survive session expiration, you do not need to re-create your datafeed if your session expires.
When a bot process (API caller) starts, it calls the RSA Session Authenticate endpoint for authenticating on the Symphony servers (pod). This endpoint examines the JWT provided to identify the bot user and return a session token.
The bot then calls the analogous RSA Key Manager Authenticate endpoint for authenticating on the key manager. This endpoint returns a Key Manager token.
For more information, see RSA Bot Authentication Workflow.
Updated 4 months ago