AuthenticationResource
Exposes authentication functionality to log in and out of the REST API.
An authorization token is returned on successful login. It must be submitted as an Authorization header using the format:
Authorization: Token XPRESS-INSIGHT-TOKEN
To conserve server resources it is recommended to log out when the session is no longer required.
The following resources are part of this group:
/v1/auth/currentuser
GET
Reads the current user.
Response Body
element: | (custom) |
media types: | application/json |
A redirect (302) to the user resource that represents the current user.
/v1/auth/login
POST
Creates a session and its token using the supplied credentials. The token must be used in subsequent requests to identify this session.
Two token tracking mechanisms are available: manual and cookie. manual is the default behaviour and returns the token as a string; it is the responsibility of the client to provide the token in subsequent requests. cookie sets the token in an http-only cookie called __insight_token__, so browsers will automatically provide the cookie on subsequent requests.
Parameters
name | description | type | default |
---|---|---|---|
username | the username | form | |
password | the password | form | |
method | the method for authentication tracking, either cookie or manual | form | token |
includeTicket | if the cookie method is used, also set a ticket cookie. See GET /ticketId for more details. | form | false |
Response Body
element: | (custom) |
media types: | application/json |
The authorization token to use in subsequent requests, 403 Forbidden if authentication was unsuccessful, or 500 Internal Server Error if any other error was encountered.
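The manual token flow described above (form login, the Authorization: Token header on later requests, and a logout that always runs) can be sketched as follows. This is an added example, not code from the product documentation; the function names, the injectable opener and the assumption that the response body is the token as a JSON string are illustrative.

```python
import json
import urllib.error
import urllib.parse
import urllib.request
from contextlib import contextmanager


def login_request(base_url, username, password):
    """Build POST /v1/auth/login with the form parameters listed above."""
    form = urllib.parse.urlencode(
        {"username": username, "password": password, "method": "manual"}
    ).encode("ascii")
    return urllib.request.Request(
        base_url + "/v1/auth/login", data=form, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded",
                 "Accept": "application/json"})


def authorized_request(base_url, path, token, method="GET"):
    """Build a request carrying the token as 'Authorization: Token <token>'."""
    return urllib.request.Request(
        base_url + path, method=method,
        headers={"Authorization": "Token " + token,
                 "Accept": "application/json"})


@contextmanager
def insight_session(base_url, username, password, opener=urllib.request.urlopen):
    """Log in, yield a call(path, method) helper, and always log out."""
    try:
        with opener(login_request(base_url, username, password)) as resp:
            # ASSUMPTION: the application/json body is the token as a JSON string.
            token = json.loads(resp.read().decode("utf-8"))
    except urllib.error.HTTPError as err:
        if err.code == 403:  # documented result of unsuccessful authentication
            raise PermissionError("login rejected: 403 Forbidden") from None
        raise  # 500 and anything else propagate unchanged
    try:
        yield lambda path, method="GET": opener(
            authorized_request(base_url, path, token, method))
    finally:
        # Runs even if the caller's code raised, so the server-side session
        # is ended rather than left open.
        opener(authorized_request(base_url, "/v1/auth/logout", token, "POST")).close()
```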
/v1/auth/loginsso
POST
Creates a session and its token using a single sign on id. The token must be used as a cookie in subsequent requests to identify this session.
It sets the token in an http-only cookie called __insight_token__, so browsers will automatically provide the cookie on subsequent requests.
Request Body
element: | (custom) |
media types: | application/json |
nullable. Set the includeTicket flag if a ticket cookie should be set. See GET /ticketId for more details.
Response Body
element: | (custom) |
media types: | application/json |
The authorization token to use in subsequent requests, 403 Forbidden if authentication was unsuccessful, 401 Unauthorized if the single sign on ID was not found, or 500 Internal Server Error if any other error was encountered.
/v1/auth/logout
POST
Ends the current session.
Response Body
element: | (custom) |
media types: | application/json |
An empty response, 204 No content.
GET
Ends the current session.
Response Body
element: | (custom) |
media types: | application/json |
An empty response, 204 No content.
/v1/auth/ticket
GET
Generates a ticket for the current Xpress-Insight session.
Response Body
element: | (custom) |
media types: | application/json |
A ticket for the current Insight session.
© 2001-2020 Fair Isaac Corporation. All rights reserved. This documentation is the property of Fair Isaac Corporation (“FICO”). Receipt or possession of this documentation does not convey rights to disclose, reproduce, make derivative works, use, or allow others to use it except solely for internal evaluation purposes to determine whether to purchase a license to the software described in this documentation, or as otherwise set forth in a written software license agreement between you and FICO (or a FICO affiliate). Use of this documentation and the software described in it must conform strictly to the foregoing permitted uses, and no other use is permitted.