Enterprise 11 Authentication API
- Updated: 2022/12/30
Enterprise 11 Authentication API
Use the Authentication API to generate, refresh, and manage JSON Web Tokens (JWT) that are required for authorization in all Control Room APIs.
The JWT is a text string with 703
characters.
{
"token": "eyJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIxIiwiY2xpZW50VHlwZSI6IldFQiIsImxpY2Vuc2VzIjpbXSwiYW5hbHl0aWNzTGljZW5zZXNQdXJjaGFzZWQiOnsiQW5hbHl0aWNzQ2xpZW50Ijp0cnVlLCJBbmFseXRpY3NBUEkiOnRydWV9LCJpYXQiOjE1NzMxMDc4NzMsImV4cCI6MTU3MzEwOTA3MywiaXNzIjoiQXV0b21hdGlvbkFueXdoZXJlIiwibmFub1RpbWUiOjM2NTc1NjI0OTQ2MzE2MDAsImNzcmZUb2tlbiI6ImNiZjgwZWNkZmU5YmUwYzViOGI2MDk3NmU0ZTI2MTNiIn0.rGYxbS5kKUTxtZhYtRSXpmIHwbf3IwLBIKDEA7odG5uGVAjD55Tv05bYdARx_3-tl1CBg_cDGbwj5FvaBt9u5xKu5W5j3Nur6x3PF62NeB3ZIdxiUPaFBU0Br84mPJMD4_EpwBfbeSVOMH6ngiLtJYhIOtJa0kp4pAAm3mvkuOUELtH8lf3pQf-2Ose2fUAaebDkqiH13SUF1TONAjUQv6Ef_uY0wgq9SjZwKHg9SKUhX3S8PXAJne_ih2QnN8nUE1SXGlkC04eoIvyWpFkM963XEjptc2uvwtVn42MdA4Nd1opD5yijEl9VM92Fe1sPb6_T5-oV-U1Iw0JHiX2-Ug", . . .
}
auth
- POST http://<your_control_room_url>/v1/authentication
-
Body parameters:
{ "username": "string", "password": "string", "apiKey": "string", "mfaCode": 0 }
Note: Make sure you replace any escape character '\' with '\\' in the API key.Make a post request to generate a JWT.- The
username
of the Automation Anywhere user. - The
password
of the Automation Anywhere user. - The
apiKey
is required to configure Single Sign On (SSO). It can also be used in place of a password for users that are assigned to the API key generation role. - The
mfaCode
is required for user with a role that has been enabled for two-factor authentication (2FA). See, Enabling Two-factor authentication.Note: We recommend that you either disable 2FA in a role or create a separate role that does not use 2FA for use in scripts or other programmatic environments. You should use username and apiKey to authenticate when programmatically making API requests. Avoid using passwords in plain-text format to improve security.
Note: Authentication tokens have a default timeout of 20 minutes.A JWT is required in the header of other Control Room APIs. Not all parameters are required to generate an authentication token. Go to the examples listed here for detailed information. - The
- GET http://<your_control_room_url>/v1/authentication/token/{token}
-
URL parameter: The token you are validating.Note: The token is passed as a parameter in the URL. There are no parameters for the request body.
Read Validate an authentication token for task details.
- POST http://<your_control_room_url>/v1/authentication/token
-
Body parameter:A refresh token allows you to get a new token without the need to collect and authenticate credentials every time a token expires.
{ "token": "string" }
Click Refresh an authentication token for a detailed example of this API.
- POST http://<your_control_room_url>/v1/authentication/logout
-
Header parameter:Immediately expires the token that you add to the header of the request.
POST 'http://<your_control_room_url>/v1/authentication/logout' -H 'X-Authorization: <access_token>
Click Immediately logout (expire) an authentication token for a detailed example of this API.
- POST http://<your_control_room_url>/v1/authentication/app/login
- The
.../authentication/app/login
API is a service to service authentication API used by Automation Anywhere internally supported applications. This API is not supported for use by external users.