Skip to content

API Tokens

Overview

MDCMS provides for the ability to retrieve and update information within MDCMS using REST APIs, which are exposed by the MDCMS HTTP server.

In order to protect MDCMS information from unauthorized access, a bearer token is expected to be included in the API request header. If the token is not present, MDCMS will return a 401-Unauthorized status.

If the token is present, it will be checked against the list of unexpired tokens. If not found, MDCMS will return a 401-Unauthorized status. If found, MDCMS will proceed further with carrying out the request based on the user that owns the token.

Generate a Token

Any user that is registered in MDSEC may generate a token for themselves. Any user that has MDSEC Administration rights may additionally generate tokens for other users. This can be useful when using a token applied to a service user rather than a human user.

To generate a token:

  1. Within a 5250 session, type command MDSEC and press Enter.
  2. Select option 8 = API Tokens and press Enter.
  3. Press F6 = Add.
  4. Provide a description of the Token and a Valid Until Date and press Enter.
  5. The API Token will appear on the screen.

IMPORTANT: Copy the token value and store it in a secure location. It will not be possible to view the value of the token again.

Manage Existing Tokens

Any user that is registered in MDSEC may manage their own tokens. Any user that has MDSEC Administration rights may additionally manage tokens for other users.

To manage existing tokens:

  1. Within a 5250 session, type command MDSEC and press Enter.
  2. Select option 8 = API Tokens and press Enter.
  3. Use option 2 to edit the description or Valid Until Date, use option 3 to copy the token, or use option 4 to delete the token.

Example Request Header

Authorization: Bearer MTgzNTg1NDIxMDA1MzkxNzIyOTYzMTA3Mjk3O3U2Nzg5ODAxNDY2NTAyNzMxMTY1