Authenticate Users for Calyx RIM API

Authentication is required to use the API.

To pass authentication for the API, perform the following procedure.
  1. Get a token. Send an HTTP GET request to http://hostname:port/insight/api/v2/token. The JSON response body includes { "token": "F1AE44E28CB43CDECB2D0A104EB5DF4B" }, which holds the current session ID. The response header contains the following values:
    • X-CSRF-HEADER → X-CSRF-TOKEN
    • X-CSRF-PARAM → _csrf
    • X-CSRF-TOKEN → 40d67d97-fb28-4a78-a111-5bae0ee706bb
  2. Use that token and your login information to authenticate. Send a login POST request in the same session as the token request (set JSESSIONID):
    • URI: http://hostname:port/insight/api/v2/login
    • Request header values:
      • Content-Type: "application/json"
      • X-CSRF-TOKEN: 40d67d97-fb28-4a78-a111-5bae0ee706bb (the value returned by the previous request to http://hostname:port/insight/api/v2/token)
    • Request body (JSON): {"username": "external_system_abc", "password": "password_abc"}
  3. After successful login, the application creates a new session and a new token to use in subsequent API calls. The response header will contain the following values:
    • X-CSRF-HEADER → X-CSRF-TOKEN
    • X-CSRF-PARAM → _csrf
    • X-CSRF-TOKEN → c3cc7d40-348e-410c-bcb6-bc0accdfaff5
  4. Make an API call with your new token. Send all subsequent REST API POST requests (read/create/create-or-update/delete for a specific entity) through the "/api/v2" URI (e.g. http://hostname:port/insight/api/v2/event/46098/delete) with the following attributes:
    • Request header values:
      • Content-Type: "application/json"
      • X-CSRF-TOKEN: c3cc7d40-348e-410c-bcb6-bc0accdfaff5
    • Request body: JSON object for the specific entity.
  5. Instead of the X-CSRF-TOKEN header, you can use the "_csrf" parameter.
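
The procedure above as a small client, added here as an example (it is not Calyx's own code). The class and method names are hypothetical, the base URL is the page's placeholder, and treating an unchanged CSRF token after login as a failure is an added check based on step 3.

```python
import json
import urllib.request
from http.cookiejar import CookieJar


class RimClient:
    """Hypothetical client for the token -> login -> API call flow above."""

    def __init__(self, base_url):
        # base_url is the API root, e.g. "http://hostname:port/insight/api/v2"
        self.base = base_url.rstrip("/")
        # The cookie jar stores JSESSIONID, so login reuses the token
        # request's session and later calls use the post-login session.
        self.opener = urllib.request.build_opener(
            urllib.request.HTTPCookieProcessor(CookieJar()))
        self.csrf_header = "X-CSRF-TOKEN"
        self.csrf = None

    def _send(self, method, path, body=None):
        headers = {"Content-Type": "application/json"}
        if self.csrf:
            headers[self.csrf_header] = self.csrf
        data = None if body is None else json.dumps(body).encode()
        req = urllib.request.Request(self.base + path, data=data,
                                     headers=headers, method=method)
        with self.opener.open(req, timeout=10) as resp:
            # X-CSRF-HEADER names the header to send; X-CSRF-TOKEN is its value.
            self.csrf_header = resp.headers.get("X-CSRF-HEADER", self.csrf_header)
            self.csrf = resp.headers.get("X-CSRF-TOKEN", self.csrf)
            raw = resp.read()
        return json.loads(raw) if raw else None

    def login(self, username, password):
        self._send("GET", "/token")                      # step 1
        pre_login = self.csrf
        self._send("POST", "/login",                     # step 2
                   {"username": username, "password": password})
        # Step 3: a new token must replace the pre-login one (added check).
        if not self.csrf or self.csrf == pre_login:
            raise RuntimeError("login did not issue a new CSRF token")
        return self.csrf

    def post(self, path, entity):                        # step 4
        return self._send("POST", path, entity)
```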