Table of Contents
  1. JSON
  2. XML
  3. Input Parameters
  4. Response Parameters
  5. Login Auditing
  6. Javascript Library

/Account/WwwLogin

Allows the client to authenticate itself with the API, using the WWW-Authenticate Header available in the HTTP protocol.

If authentication succeeds, a JSON Web Token (or JWT) is returned to the client. This token can be used as a Bearer token in subsequent calls to the API. It needs to be refreshed before it expires.

Security Notice: Some WWW-Authentication mechanism send the password in clear text. While encryption is required, password is still unpacked by the remote endpoint, which may be a security consideration. Use the Login or QuickLogin resources to avoid this. The Javascript library uses the these resources instead of the WwwLogin alternative. But if a client is unable to generate cryptographic signatures as required by the specification, traditional WWW-Authentication mechanisms are also available.

JSON

Request
{
	"seconds":Required(Int(0 < PSeconds <= 3600))
}
Response (if successful)
{
	"jwt":Required(Str(PJwt)),
	"expires":Required(DateTime(PExpires))
}

XML

Request
<WwwLogin xmlns="https://waher.se/Schema/BrokerAgent.xsd"
          seconds=(Required(Int(0 < PSeconds <= 3600))) />
Response (if successful)
<LoggedIn xmlns="https://waher.se/Schema/BrokerAgent.xsd"
          jwt=(Required(Str(PJwt)))
          expires=(Required(DateTime(PExpires))) />

Input Parameters

Parameter Description
PSeconds Requested number of seconds before the JWT token that will be issued expires.

Response Parameters

Parameter Description
PJwt A token representing the login to the account. This token is seant as a Bearer token in requests requiring authentication.
PExpires When the JWT token expires. The token needs to be renewed before this token expires, if the client wishes to maintain the connection. After the token expires, the client needs to login again.

Login Auditing

Logins are audited. If too many failed login attempts are received in a row from a given remote endpoint, that endpoint will be temporarily blocked from further attempts. Error message will contain a timestamp when new attempts can be made. If continuing failing, a remote endpoint may become permanently blocked from accessing the API.

Javascript Library

This resource is not accessible via the Javascript library. Use the Login or QuickLogin resources instead if you need to perform a login using Javascript.