Authenticate Requests to the MDCMS REST API Server

Published: 2024-05-15

Relevant from MDCMS Version 8.5

Overview

In order to protect MDCMS information from unauthorized access, a bearer token is expected to be included in the API request header. If the token is not present, MDCMS will return a 401-Unauthorized status.

If the token is present, it is checked against the list of unexpired tokens. If it is not found, MDCMS will return a 401-Unauthorized status. If it is found, MDCMS proceeds with the request based on the user that owns the token.

Generate a Token

Any user that is registered in MDSEC may generate a token for themselves. Any user that has MDSEC Administration rights may additionally generate tokens for other users. This is useful when a token is to be applied to a service user rather than a human user.

To generate a token, do the following:

  1. Within a 5250 session, type command MDSEC and press Enter
  2. Select option 8 = API Tokens and press Enter
  3. Press F6 = Add
  4. Provide a description of the Token and a Valid Until Date and press Enter

The API Token will appear on the screen. IMPORTANT: Copy the token value and store it in a secure location. It will not be possible to view the value of the token again.

Manage Existing Tokens

Any user that is registered in MDSEC may manage their own tokens. Any user that has MDSEC Administration rights may additionally manage tokens for other users. This is useful when a token is applied to a service user rather than a human user.

To manage tokens, do the following:

  1. Within a 5250 session, type command MDSEC and press Enter
  2. Select option 8 = API Tokens and press Enter
  3. Use option 2 to edit the description or Valid Until Date, use option 3 to copy the token or use option 4 to delete the token

Example Request Header

Authorization: Bearer MTgzNTg1NDIxMDA1MzkxNzIyOTYzMTA3Mjk3O3U2Nzg5ODAxN
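
A client-side sketch of using such a token, added here as an example and not taken from MDCMS or its documentation: it keeps the token out of source code, builds the header in the form shown above, and treats the 401 status from the Overview as a rejected token. The environment variable name MDCMS_API_TOKEN, the TokenRejected exception, the HTTPS requirement and the URL passed by the caller are assumptions of this example.

```python
import os
import urllib.error
import urllib.request
from urllib.parse import urlsplit

TOKEN_ENV_VAR = "MDCMS_API_TOKEN"  # assumed name; MDCMS does not define it


class TokenRejected(Exception):
    """Server answered 401: token missing, unknown, or no longer unexpired."""


def load_token(env=None):
    """Read the token from the environment instead of hard-coding it."""
    env = os.environ if env is None else env
    token = env.get(TOKEN_ENV_VAR, "").strip()
    if not token:
        raise RuntimeError(f"{TOKEN_ENV_VAR} is not set")
    # Printable ASCII without spaces only: blocks CR/LF header injection.
    if not all(0x21 <= ord(c) <= 0x7E for c in token):
        raise ValueError("token contains characters not valid in a header")
    return token


def build_request(url, token):
    """Attach the token in the form shown under 'Example Request Header'."""
    # Assumption: the API is reached over TLS; a bearer token sent over
    # plain HTTP can be read and replayed by anyone on the path.
    if urlsplit(url).scheme != "https":
        raise ValueError("refusing to send a bearer token over non-HTTPS URL")
    return urllib.request.Request(url, headers={"Authorization": f"Bearer {token}"})


def call_api(url, token, opener=urllib.request.urlopen, timeout=10):
    """Send the request; return (status, body). Raise TokenRejected on 401."""
    req = build_request(url, token)
    try:
        with opener(req, timeout=timeout) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        if err.code == 401:
            # Never put the token itself in the error or in logs.
            raise TokenRejected("401 Unauthorized: check the token and its "
                                "Valid Until Date in MDSEC option 8") from None
        raise
```

The opener parameter exists only so the function can be exercised without a network connection; in normal use it is left at its default.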