About

Provides request-specific token authorisation method for the Services module.

This means that each API request will need to have a specific HTTP header with a hash string generated from the request body.

Installation

  1. Enable the module.
  2. Edit a Services endpoint and enable Request-specific token authorisation in the Authentication section.
  3. On the Authentication tab, provide the Token key value, and optionally change the Token header name default value (X-Services-Token) if required.

Requirements

Note that for PHP versions < 5.6 this module will not work properly with PUT and PATCH requests. To fix this, a small patch for Services module is required. See #2830327: PUT and PATCH requests with PHP < 5.6

Usage

When calling a Services endpoint with request-specific token authorisation enabled, you should add the X-Services-Token header to your request, which value should be calculated as:

$x_services_token = sha1(<token_key_value> . <request_body>);

Supporting organisations

Dassault Systèmes

Project information

Releases