Session Authenticate (Cert)

Authenticates the API caller on the Symphony servers (pod) using the client certificate provided in the TLS session, returning a session token.

Backward compatibility breaking notice: Starting in March 2025, the request's Content-type header must be empty, and its body must be null.

Authenticate.

post

Based on the SSL client certificate presented by the TLS layer, authenticate the API caller and return a session token.

Responses

200

OK.

application/json

namestringOptional

The name of the header in which the token should be presented on subsequent API calls.

tokenstringOptional

Authentication token that should be passed as header in each API rest calls. This should be considered opaque data by the client. It is not intended to contain any data interpretable by the client. The format is secret and subject to change without notice.

authorizationTokenstringOptional

(Beta) Short lived access token built from a user session. This field is still on Beta, please continue using the returned "token" instead.

400

Client error.

application/json

403

Forbidden: Certificate authentication is not allowed for the requested user.

application/json

500

Server error, see response body for further details.

application/json

post

/v1/authenticate

POST /sessionauth/v1/authenticate HTTP/1.1
Host: yourpodURL-api.symphony.com
Accept: */*

{
  "name": "text",
  "token": "text",
  "authorizationToken": "text"
}

❗️ Session Token Management
The token you receive is valid for the lifetime of a session that is defined by your pod's administration team. This ranges from 1 hour to 2 weeks.
You should keep using the same token until you receive a HTTP 401, at which you should re-authenticate and get a new token for a new session.
Datafeeds survive session expiration, you do not need to re-create your datafeed if your session expires.

To call the Session Authenticate endpoint, you must provide a certificate where the Common Name of the certificate matches the username of an active Service User account on your pod.

🚧 Important
Before calling any of the Pod or Agent API endpoints, the caller must be authenticated on both the pod and key manager by calling this endpoint, followed by the Key Manager Authenticate endpoint.
The certificate used for authentication (and therefore the Root certification) must have a strength of 4096 bits, or the cert will be rejected
Symphony prevents bots from calling this endpoint when the following conditions are true:
An application and a bot have the same name.
The application specifies a valid certificate in its manifest file.
The application is enabled and not marked for deletion. For more information about enabling and deleting applications, see the Symphony Administration Guide.
The request's Content-type header must be empty, and its body must be null.

Note that the Session Authenticate endpoint may return an authorizationToken (short lived access token built from a user session) in addition to the session token. Please note this has been introduced as beta and should not be used until further notice; please continue using the returned "token" instead.

Last updated 1 year ago

Was this helpful?

hashtagAuthenticate.

hashtag❗️ Session Token Management

hashtag🚧 Important

Authenticate.

❗️ Session Token Management

🚧 Important