REST API Token Authorization Worksheet
Configure the REST API Token Authorization Worksheet to enable your REST API to accept a JSON Web Token (JWT) for authorization. The token can be issued by the same system or by another system.
This worksheet defines how the API is authorized by the JSON Web Token.
Basic Settings
Enable token authorization
Yes: token authorization is enabled. No: token authorization is not enabled.
JSON Web Token Authorization
Protected URL path
This property defines the URL pattern for which a JWT is expected. For example, /** means a JWT is expected for all resources.
JWT Secret
The key used to renew and decode the JWT. For the settings that control JWT generation, refer to the JSON Web Token Generation Settings section of the REST API Login Service worksheet.
If this API only processes JWT that is generated by another authentication service, obtain the key from the administrator of that service.
If this API generates the JWT for its own authentication, define your own key here. It must be the same as the key defined in the JSON Web Token Generation Settings section of the REST API Login Service worksheet. Otherwise, parsing the JWT will fail.
In any case, the key shall not be shared with a client (e.g. a user).
Token location
Where the generated JWT is stored. Two options are provided. Cookie: the token is stored in a cookie. Header: the token is stored in an HTTP header.
Token name
If the Token location is "Cookie", this defines the Cookie name. If the Token location is "Header", this defines the header element that is used for setting (response) and retrieving (request) the JWT. It is commonly set as Authorization.
Token refresh interval (ms)
The interval for refreshing the JWT. The unit is milliseconds.
Expiration (ms)
The expiration time of the JWT. The unit is milliseconds.
For example, a value of 1800000 is 1800 seconds, so the token expires after 1800 seconds (30 minutes).
Invalid token return JSON
Defines the JSON response returned when authentication fails. It supports the following placeholder:
- ${errorMessage} is replaced by the authentication error message when authentication fails. This is similar to the successful case.
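
The shared JWT Secret, the millisecond Expiration setting and the ${errorMessage} placeholder described above, shown together as an added example that is not the product's own code. It assumes the token is signed with HS256 (HMAC-SHA256), which this page does not state; the function names and sample values are hypothetical.

```python
import base64, hashlib, hmac, json
from string import Template

def _enc(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_token(secret: bytes, subject: str, expiration_ms: int, now: int) -> str:
    """Login-service side: sign the claims with the shared JWT secret."""
    header = {"alg": "HS256", "typ": "JWT"}  # HS256 is an assumption
    # "Expiration (ms)" is milliseconds; the JWT "exp" claim is seconds.
    claims = {"sub": subject, "iat": now, "exp": now + expiration_ms // 1000}
    parts = [_enc(json.dumps(p, separators=(",", ":")).encode()) for p in (header, claims)]
    signing_input = ".".join(parts)
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{_enc(sig)}"

def verify_token(secret: bytes, token: str, now: int) -> dict:
    """API side: return the claims or raise ValueError naming the failure."""
    try:
        h64, c64, s64 = token.split(".")
        header, sig = json.loads(_dec(h64)), _dec(s64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    # Pin the algorithm; never let the token's header choose it.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected algorithm")
    expected = hmac.new(secret, f"{h64}.{c64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expected):  # constant-time comparison
        raise ValueError("signature mismatch")
    claims = json.loads(_dec(c64))
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims

def render_error(template: str, message: str) -> str:
    """Fill ${errorMessage}, JSON-escaping the message so the body stays valid JSON."""
    return Template(template).safe_substitute(errorMessage=json.dumps(message)[1:-1])

if __name__ == "__main__":
    secret, now = b"constructed-demo-secret-32-bytes", 1_700_000_000  # constructed values
    token = issue_token(secret, "alice", 1_800_000, now)
    print(verify_token(secret, token, now + 60))
    try:
        verify_token(b"a-different-secret", token, now + 60)
    except ValueError as err:
        print(render_error('{"error": "${errorMessage}"}', str(err)))
```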