Forum Discussion

lorna
Maven
12 years ago

Authenticating with REST API

Hi,

I'm trying to get some info from private boards using the REST API. We use PHP SSO, which is working perfectly.

From this:

http://lithosphere.lithium.com/t5/developers-knowledge-base/Using-the-REST-API-with-SSO-credentials/ta-p/8415

I understand that I need to create a separate token and use it to authenticate the user.

I'm using PHP and I get an error. Logged in as an admin, I get 'User authentication failed.' As a normal user I get a session key, but it then says error 301 Invalid session key.

I get a successful response if I just use the URL in my browser, e.g.:

http://community-name.com/tomtom/restapi/vc/categories/id/BID/solutions/recent/?restapi.response_style=view&page_size=3&restapi.response_format=json&restapi.session_key=mnh4nE3coLrY8TZgZWe9vx_XWw21pb9JaEJwhBGosw.

So what am I doing wrong?!

  • And to add to that ... we make about 6 calls from that page (at the moment we use JSON and it works without authentication, but we're changing it to PHP to load faster).

    Would it make more sense to bundle those in an endpoint? We just enabled them in a hazy idea that they might help somehow. Does that mean we would still need to authenticate the users? I'm not entirely clear on why the JSON works without it, to be honest :S
    • lorna
      Maven

      OK, I managed to get it working for 'normal' users... but if I have a Mod/Admin account it gives me a 302 User authentication failed message.

      Do I need additional info for those types of accounts?

      • AdamN
        Khoros Oracle

        When you receive the error, is it while you're attempting to authenticate? And only for moderators and administrators? If so, what you're running into is likely an IP locking error:

        http://lithosphere.lithium.com/t5/support-knowledge-base/IP-Comparison-Failed-Why/ta-p/39222

        Basically, for privileged users an additional security check is performed to ensure that the IP address inside the SSO token matches the IP address of the request. If those do not match, the user is not allowed to authenticate.

        I would suggest double checking your SSO implementation to ensure that the proper request IP address is being passed through when the token is created. If that's not possible, please file a case via our Case Portal so that our Support team can assist in adjusting your SSO configuration.
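
The IP check described in the reply above, modelled as an added example that is not part of the thread and is not Khoros/Lithium code. The token layout, signing key, role names and function names are assumptions, as is the premise that the mismatch comes from a token created with the visitor's browser IP while the REST call is sent by the PHP server; all IPs and logins are constructed.

```php
<?php
// Simplified model of IP locking for privileged users. Everything here
// (token layout, key, role names, function names) is an assumption made
// for illustration; it is not the platform's real token format.
const DEMO_KEY = 'constructed-demo-key';
const PRIVILEGED_ROLES = ['Moderator', 'Administrator'];

// SSO side: bind the token to the IP the request is expected to come from.
function mintToken(string $login, string $role, string $requestIp): string
{
    $payload = json_encode(['login' => $login, 'role' => $role, 'ip' => $requestIp]);
    return base64_encode($payload) . '.' . hash_hmac('sha256', $payload, DEMO_KEY);
}

// Community side: verify the signature first, then compare the IP inside
// the token with the source IP of the request, for privileged roles only.
function authenticate(string $token, string $sourceIp): string
{
    $parts = explode('.', $token, 2);
    $payload = base64_decode($parts[0], true);
    if (count($parts) !== 2 || $payload === false
        || !hash_equals(hash_hmac('sha256', $payload, DEMO_KEY), $parts[1])) {
        return 'rejected: bad token';
    }
    $claims = json_decode($payload, true);
    if (in_array($claims['role'], PRIVILEGED_ROLES, true) && $claims['ip'] !== $sourceIp) {
        return 'rejected: 302 User authentication failed';
    }
    return 'ok: session issued for ' . $claims['login'];
}

$browserIp = '203.0.113.25'; // constructed: visitor's address as seen by the SSO page
$serverIp  = '198.51.100.7'; // constructed: web server that sends the REST call

foreach ([['alice', 'Member'], ['bob', 'Administrator']] as [$login, $role]) {
    // Token bound to the browser IP, but the REST call leaves from the PHP server.
    echo "$login/$role browser-bound: ",
        authenticate(mintToken($login, $role, $browserIp), $serverIp), "\n";
    // Token bound to the IP the request actually originates from.
    echo "$login/$role server-bound:  ",
        authenticate(mintToken($login, $role, $serverIp), $serverIp), "\n";
}
```

In this model only the administrator's browser-bound token is rejected, which matches the symptom reported in the thread: normal users authenticate while Mod/Admin accounts fail.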