Session handling

Contents

Authentication in REST API is implemented through Auth Token.

Auth Token – unique string which is generated for limited period of time after successful client authorisation which is required to access any REST API resource by the client except “/auth” resource. One client is able to generate only 1 Auth token, new token is generated only if previous one has expired. This mean that if client will send several authorisation request within short period of time (until auth token expire) – all responses will contain same auth token value. Currently default expire time for token is 60 seconds.

Login

URI: /auth
Request method: PUT

Name Description
login Client REST API login. Acquired by the registrar in their registrar console by visiting page “Profile” -> “Registrar details”
password Client REST API password. Acquired by the registrar in their registrar console by visiting page “Profile” -> “Registrar details”

Request example:

After successful authentication request, response will contain following elements:

  • login – requested login to authenticate.
  • token – auth token.
  • created – timestamp when token was created.
  • expires – timestamp when token will expire.
  • code – response code. 1000 if operation successful.
  • message – response message. Generally its a description for response code.
  • cltrid – client transaction ID which was provided in request.
  • svtrid – server transaction ID which was generated by ST Registry for corresponding request.
  • time – request execution time in seconds.

Response example:

Logout

Client is able to terminate Auth Token using DELETE request method. If request is successful – ST Registry will terminate provided Auth token.

URI: /auth
Request method: DELETE

Request example:

After successful request, response will contain following elements:

  • code – response code. 1000 if operation successful.
  • message – response message. Generally its a description for response code.
  • cltrid – client transaction ID which was provided in request.
  • svtrid – server transaction ID which was generated by ST Registry for corresponding request.
  • time – request execution time in seconds.


Response example:

If token has expired or is invalid – response code “2201” will be returned to the client request.

Auth token validation

Client is able to validate existing Auth token to verify if token has not expired yet on ST Registry side, get information when its going to expire or just to synchronise with ST Registry server time.

URI: /auth
Request method: GET

Request example:

After successful request, response will contain following elements:

  • code – response code. 1000 if operation successful.
  • message – response message. Generally its a description for response code.
  • created – timestamp when token was created.
  • expires – timestamp when token will expire.
  • reqtime – server timestamp which identify when request was made.
  • cltrid – client transaction ID which was provided in request.
  • svtrid – server transaction ID which was generated by ST Registry for corresponding request.
  • time – request execution time.

Response example:

If token has expired or is invalid – response code “2201” will be returned to the client request.

 

dotster