Authentication with a Token
Some users may prefer not to send Basic Auth credentials with every request. Sending a token in the request header can be a more suitable approach. To obtain a token, a user must first call the /authentication/login URI from FireMon Security Manager. The user can then provide the token on every subsequent call to the server. Supply the token in the header of the request, using the entire token string exactly as provided.
Below are examples of how to call /authentication/login properly and the expected response from the server. Note the four fields provided in the response. The “token” key provides the token needed for subsequent requests. The “tokenTTL” key gives the token's time-to-live, in minutes, as set by the server.
Swagger UI: Login
Postman: Login
Python Script: Login
Output after Successful Authentication from /authentication/login
As previously stated, the token is ephemeral: it is valid only for the period given by “tokenTTL.” The authentication token also changes after every successful login. Perform these tasks promptly so that your token does not lose its validity partway through the process because of another login of the same account.
Now that the user has received the token, apply it in the header of the request to provide authentication. X-FM-AUTH-Token (case sensitive) is the name of the key to use in the header, and the value for the key is the token retrieved from the response at /authentication/login. The screenshots below show this process in Postman and Python, used to pull the identification of the current user.
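The token lifetime and rotation described above can be handled in one place on the client. This is an added example, not FireMon's code or a script from this page: `TokenSession`, the injected `login` callable (assumed to perform the /authentication/login call and return the parsed JSON response) and the 30-second safety margin are assumptions, and the sample responses are constructed.

```python
import time

AUTH_HEADER = "X-FM-AUTH-Token"  # header name from the page; case sensitive

class TokenSession:
    """Caches the login token and renews it before tokenTTL (minutes) runs out."""

    def __init__(self, login, clock=time.monotonic, margin_seconds=30):
        self._login = login            # assumed callable: does the login call, returns parsed JSON
        self._clock = clock
        self._margin = margin_seconds  # assumed safety margin before expiry
        self._token = None
        self._expires_at = 0.0

    def _refresh(self):
        response = self._login()
        token, ttl = response.get("token"), response.get("tokenTTL")
        if not isinstance(token, str) or not token:
            raise ValueError("login response has no usable 'token'")
        if isinstance(ttl, bool) or not isinstance(ttl, (int, float)) or ttl <= 0:
            raise ValueError("login response has no usable 'tokenTTL'")
        self._token = token
        self._expires_at = self._clock() + ttl * 60  # tokenTTL is in minutes

    def headers(self):
        # Log in again if there is no token yet or it is about to expire.
        if self._token is None or self._clock() >= self._expires_at - self._margin:
            self._refresh()
        return {AUTH_HEADER: self._token}  # the entire token string, unmodified

    def invalidate(self):
        """Drop the token, e.g. after another login of the same account replaced it."""
        self._token = None

def demo():
    """Constructed run: fake login responses and a fake clock, no network."""
    now, issued = [0.0], []
    def fake_login():  # constructed response with only the two fields the page names
        issued.append(f"constructed-token-{len(issued) + 1}")
        return {"token": issued[-1], "tokenTTL": 15}
    session = TokenSession(fake_login, clock=lambda: now[0])
    first = session.headers()[AUTH_HEADER]
    now[0] = 14 * 60                      # 14 minutes in: still valid
    reused = session.headers()[AUTH_HEADER]
    now[0] = 15 * 60                      # TTL reached: a new login happens
    renewed = session.headers()[AUTH_HEADER]
    return first, reused, renewed

if __name__ == "__main__":
    print(demo())
```

Merge the dictionary returned by `headers()` into each request's headers, and call `invalidate()` when the server rejects the token so that the next request logs in again.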