Access and authentication for REST API
Authentication scheme
The BMC Helix Network Service Operations REST API leverages the authentication mechanism of BMC Helix Innovation Suite.
BMC Helix Innovation Suite follows the OAuth 2.0 specification with API tokens provided by BMC Helix Single Sign-On. An authentication token is an opaque string. A token is associated with a BMC Helix Network Service Operations user, which could be either a local user or an LDAP user.
For more information about the authentication mechanism and how you can use BMC Helix Single Sign-On for authentication, see Using authorization REST APIs to consume BMC Helix Single Sign-On.
How to generate authentication tokens
A new token is generated for each user request. The token is valid for a configurable amount of time and acts like a temporary password. The expiry time of the token depends on the idle timeout and absolute timeout.
The following example is of a sample login request:
Host: localhost
Accept: */*
X-Requested-By: XMLHttpRequest
Content-Type: application/json;charset=UTF-8

{
  "userName": "user",
  "password": "userpassword",
  "locale": "en-us"
}
The "locale": "en-us" name-value pair in the preceding request is optional. The login request returns a cookie, which is used in subsequent REST calls.
In response to the login request, the encoded JWT is sent in the response body:
For more information about the BMC Helix Innovation Suite authentication mechanism, see Login information.
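The login exchange described in this section, as an added Python example (not BMC code): it builds the request with the headers and body shown above, refuses to send the password over cleartext HTTP, and keeps the returned cookie for later calls. The login URL is supplied by the caller because the request line is not shown here; `build_login_request`, `Session` and `LOOPBACK` are hypothetical names.

```python
import json
import urllib.request
from http.cookiejar import CookieJar
from urllib.parse import urlsplit

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

def build_login_request(login_url, user_name, password, locale=None):
    """Build the login POST with the headers and JSON body shown above."""
    parts = urlsplit(login_url)
    # The body carries a password: refuse cleartext HTTP except to loopback.
    if parts.scheme != "https" and not (
            parts.scheme == "http" and parts.hostname in LOOPBACK):
        raise ValueError("login URL must use https")
    body = {"userName": user_name, "password": password}
    if locale:  # "locale" is optional
        body["locale"] = locale
    return urllib.request.Request(
        login_url,
        data=json.dumps(body).encode("utf-8"),
        method="POST",
        headers={
            "Accept": "*/*",
            "X-Requested-By": "XMLHttpRequest",
            "Content-Type": "application/json;charset=UTF-8",
        },
    )

class Session:
    """Keeps the login cookie and token in memory and out of repr/log output."""

    def __init__(self):
        self.jar = CookieJar()  # receives the cookie returned by the login
        self.opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(self.jar))
        self.token = None

    def login(self, login_url, user_name, password, locale=None):
        req = build_login_request(login_url, user_name, password, locale)
        with self.opener.open(req, timeout=10) as resp:
            # The token acts like a temporary password: never print or log it.
            self.token = resp.read().decode("utf-8").strip()
        return bool(self.token)

    def call(self, url):
        """Subsequent REST call; the opener replays the login cookie."""
        return self.opener.open(url, timeout=10)

    def __repr__(self):
        return f"<Session authenticated={self.token is not None}>"
```

Pass the password in from a prompt or secret store rather than embedding it in source, and log in again when a call is rejected after the token's idle or absolute timeout.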
Permissions
During authentication, a permission check decides whether the user is allowed to perform the requested action. The user must have the required permission in BMC Helix Network Service Operations to perform the operation.