Web Service Authentication - web_services - Latest

Spectrum OnDemand Web Services (REST)

Product type
Product family
Spectrum > Geocoding > Enterprise Tax
Spectrum > Web Services
Spectrum > Spatial > Spectrum Spatial
Spectrum > Spectrum Platform
Spectrum > Quality > Addressing
Spectrum > Quality > Spectrum Quality
Spectrum > Spatial > Spectrum Spatial Insights
Spectrum > Discovery
Spectrum OnDemand
Spectrum > Dataflow Designer
Spectrum > Spatial > Spectrum Spatial Analyst
Spectrum > Quality > Context Graph
Product name
Spectrum OnDemand
Spectrum OnDemand Web Services (REST)
First publish date

Spectrum OnDemand web services require authentication with valid user credentials. There are two methods for authenticating: Basic authentication and authentication by token.

Basic authentication

With Basic authentication, the user ID and password are passed to Spectrum OnDemand in the HTTP header of each request to the web service. Basic authentication is allowed by default, but your administrator may choose to disable Basic authentication. If Basic authentication is disabled you must use token authentication to access web services.

Authentication by token

With authentication with a token, the requester obtains the token from the Spectrum OnDemand server, then uses it when sending a request to the web service. Instead of sending user credentials in each request, the token is sent to the server and the server determines if the token is valid.

The diagram below illustrates the process:

  1. Obtain a token from the Spectrum OnDemand server by sending a request to the token manager service.
  2. The token manager service issues a token. If you requested a session token it also issues a session ID.
  3. Send a request to the desired web service with the token in the HTTP header. For session tokens, include the session ID in the HTTP header.
  4. The web service issues a response. You can use the token to make additional web service requests to either the same web service or any other web service on the Spectrum OnDemand server. There is no limit to the number of web service requests you can make with a token, but if the token has an expiration limit (also known as a time-to-live) it will become invalid after the time-to-live has elapsed. If the token is a session token, it will become invalid after 30 minutes of inactivity.
  5. When the token is no longer needed you should log out by sending a request to the token logout web service. This will remove the token from the list of valid tokens on the Spectrum OnDemand server.