API Security
Unified Communication Credentials
Depending on the authentication mode you will require different kind of informations to access the Unified Communication Framework. To simplify and unify authentication, API access is based on a custom token that can be used one of the following way, depending of the API you access:
- X-Auth-Token Header:
Adding a HTTP header with a valid token
- Query string parameter:
Adding a token parameter with a valid token in the query string part of the API url.
The following sections explain how to get a valid token or trade an external token to a Unified Communication Framework token.
Login based access
You can use any valid user (see Users) with the following properties:
CTI Login enabled
Login
Password
Profile set to any valid value
With these informations you can then use the User basic authentication API to get a Unified Communication Framework token.
Kerberos token
A kerberos ticket is normally obtained automatically by the browser when accessing a resource requiring access privilge. So in most case a simple HTTP call to the Single sign-in (SSO authentication) API will get you a Unified Communication Framework token.
CAS token
CAS token can be obtained by authenticating on a CAS server for a given service. Once you have a token, you can trade it to a Unified Communication Framework token using the Authentication with CAS API.
OpenID Token
OpenID token can be obtained by authenticating on an OpenID server for a given client. Once you have a token, you can trade it to a Unified Communication Framework token using the Authentication with OpenID Connect (OIDC) API.