API session tokens
Special API methods login and logout (present in all EVA ICS APIs, /r/token resource for RESTful) allow to open API session and use server-generated API token instead of API key.
To enable tokens, set parameter session_timeout greater than zero in [webapi] section of controller configuration (enabled on SFA by default).
Also, API session tokens are required by SFA Framework, which uses them to handle interface sessions.
Token has no restrictions and can be used as usual API key, the only one difference is that token has expiration time or can be purged by owner earlier.
Token will expire and become invalid, if:
- it hasn’t been used for a time, longer, than specified session_timeout
- the time, passed since token generation is greater than session_timeout and session_no_prolong = yes is set in controller configuration
- API method logout (DELETE /r/token for RESTful) was called
- on any API key modification, which is token assigned to
- on any user account modification, which is token assigned to (if token was obtained with user credentials)
- controller has been restarted.