Access and authentication for the simplified REST API
Authentication scheme
The BMC Helix ITSM simplified REST API leverages the authentication mechanism of BMC Helix Innovation Suite.
BMC Helix Innovation Suite follows the OAuth 2.0 specification with API tokens provided by BMC Helix Single Sign-On. An authentication token is an opaque string. A token is associated with one BMC Helix ITSM user, which could be either a local user or an LDAP user.
For more information about the authentication mechanism and how you can use BMC Helix Single Sign-On for authentication, see Using authorization REST APIs to consume BMC Helix Single Sign-On.
How to generate authentication tokens
A new token is generated for each user request. The token is valid for a configurable amount of time and acts like a temporary password. The expiry time of the token depends on the idle timeout and absolute timeout.
The following is a sample login request:
Host: localhost
Accept: application/json
X-Requested-By: XMLHttpRequest
Content-Type: application/json;charset=UTF-8

{
  "userName": "user",
  "password": "userpassword",
  "locale": "en-us"
}
The "locale": "en-us" name-value pair in the above request is optional. This request returns a cookie, which is used in subsequent REST calls.
In response to the login request, the encoded JWT is sent in the response body:
For more information about the BMC Helix Innovation Suite authentication mechanism, see Login information.
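The idle and absolute timeouts described above can be tracked on the client so that it authenticates again instead of sending a stale token. The following is an added example, not BMC code: the class name, the timeout values, and the rule that activity resets only the idle timer are assumptions, and the server's own decision remains authoritative.

```python
from dataclasses import dataclass, field


@dataclass
class TokenSession:
    """Client-side view of one authentication token's lifetime (hypothetical helper)."""
    token: str = field(repr=False)   # acts like a temporary password: keep it out of logs
    issued_at: float                 # time of the login request, in seconds
    idle_timeout: float              # seconds of inactivity allowed (assumed value)
    absolute_timeout: float          # hard cap since login (assumed value)
    last_used: float = field(init=False)

    def __post_init__(self):
        self.last_used = self.issued_at

    def expires_at(self) -> float:
        # Whichever limit is reached first ends the session.
        return min(self.last_used + self.idle_timeout,
                   self.issued_at + self.absolute_timeout)

    def is_valid(self, now: float) -> bool:
        return now < self.expires_at()

    def use(self, now: float) -> str:
        """Return the token for a request, or raise so the caller logs in again."""
        if not self.is_valid(now):
            raise PermissionError("token expired; authenticate again")
        self.last_used = now         # activity resets the idle timer only
        return self.token


def demo():
    # Constructed values: 15 minutes idle, 60 minutes absolute.
    s = TokenSession("constructed-token", issued_at=0,
                     idle_timeout=900, absolute_timeout=3600)
    for t in (800, 1600, 2400, 3200):    # steady activity keeps the idle timer fresh
        s.use(t)
    # The absolute timeout still ends the session at t=3600.
    return s.expires_at(), s.is_valid(3599), s.is_valid(3600), repr(s)


if __name__ == "__main__":
    print(demo())
```
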
Permissions
During authentication, a permission check decides if the user is allowed to perform the requested action. The user must have the required permission in BMC Helix ITSM to perform the operation.