Access and authentication for the REST API
BMC CMDB follows BMC Remedy AR System's authentication mechanism. All REST API calls must be authenticated. Instead of passing the full credentials on every REST API call, REST uses a token. The token is valid for a configurable amount of time and acts like a temporary password.
For more information, see
Connections by HTTP and HTTPS
By default, access to the REST API is over HTTP. However, on the HTTPS configuration page, you can enable API access over HTTPS.
For more information about configuring HTTP(S), see .
When you upgrade to BMC Remedy AR System 9.1.04, the previous configurations in the jetty-selector.xml file are ineffective. You must reconcile the configuration from the jetty-selector.xml file to the jetty-http.xml file.