Authentication
To access REST Services you must be authenticated, there is no anonymous access.
If you use REST services from within TargetProcess (e.g. from Mashups), REST Api will use the logged TP user for authentication.
There are two common authentication modes for TargetProcess REST API: Basic HTTP authentication and custom Token authentication.
HTTP 401 status code is returned if authentication failed.
Basic Authentication
To use Basic Authentication, you need to send Authorization: Basic header with every request. For example, if you want to be authenticated as admin:admin (login:password), you should send the following request:
GET targetprocess/api/v1/UserStories/ HTTP/1.1 Host: localhost Authorization: Basic YWRtaW46YWRtaW4=
YWRtaW46YWRtaW4= key is a Base64 encoded login and password values for admin:admin.
Token Authentication
Token authentication mode uses a custom security token provided with URL. To get a security token, you need to request an Authentication REST service via api/v1/Authentication uri. You need to be logged in TargetProcess. The token is valid as long as a user does not change their login or password.
GET targetprocess/api/v1/Authentication HTTP/1.1 Host: localhost
<Authentication Token="YWRtaW46OTRDRDg2Qzg1NjgzQUZDMzg3Qjg2QTVERTAxRTZEQzY="/>
Authentication service supports different formats as well.
The received token could be used with any REST service by adding token={token} request parameter to Uri.
GET targetprocess/api/v1/UserStories/?token=YWRtaW46QUFBMEEwQTAwMEFBQTBBMDBBMEEwQTBBMEEwMEFBMDA= HTTP/1.1 Host: localhost
