Autentisering mot API-tjänster

Generally authentication is done by adding a Authorization HTTP header to the request. Access is authorized using CAS. Once authenticated a session key is returned which can be used instead to decrease round-trips to and load on the CAS server.

CAS Proxy authentication

The format of the Authorization header for CAS proxy authentication is:

Authorization: X-KTH-VC (cas-proxy)<data>

Where <data> is the proxy ticket recieved from the CAS server.

Session authentication

The format of the Authorization header to use an existing session is

Authorization: X-KTH-VC (session)<data>

Where <data> is the session key previously recieved from the API server.

Feedback Nyheter