login
Gurtam team has created a more secure way of authorization similar to oAuth. The previous way of authorization was valid untill 01 Oct 2015. All clients who implemented their own login forms or demo access links should change them to correspond to the new authorization way.
For now, two forms exist: an extended and a simplified one.
Extended form
The extended form is generally useful for mobile and other apps.
http://<host>/login.html
http://<host>/login.html?client_id=...&access_type=...&activation_time=...&duration=...&lang=...&flags=...&user=...&redirect_uri=...&response_type=...&css_url=...
All the parameters are optional.
Name | Description | Default |
|---|---|---|
client_id | Name of the app/site/client for which you want to generate a token. | Site name (title). |
access_type | 0x100 | |
activation_time | Token activation time. UTC time in seconds: 0 - now. | 0 |
duration | Token duration in seconds. | 2592000 |
lang | Language (en, ru, etc.). | |
flags | See below. | 0 |
user | Username. Will be in the login field. | |
redirect_uri | URL to redirect and forward authorization results. | login.html itself |
response_type | The response will contain the token (token) or AuthHash (hash). | Token. |
css_url | URL to CSS-file with the specified styles for login_simple.html. |
Flags
| Flag | Description |
|---|---|
| 0x1 | Return user_name in the response. |
| 0x2 | Return in the response:
|
| 0x4 | Return all the parameters from the request excluding the reserved ones (client_id, response_type, access_type, activation_time, duration, flags, login, passw, redirect_uri, p, app, sign, hash, remote_hash). |
After successful authorization, a redirect to redirect_uri occurs, and the following GET-parameters are transferred:
- access_token (72-symbol token which may be used for authorization in future);
- user_name (authorized username, if 0x1 flag was stated before token generation).
In case of an authorization error, a redirect occurs to the login form itself, the specified error is shown and the following GET-parameters are transferred:
- svc_error (error code);
- client_id;
- access_type;
- activation_time;
- duration;
- flags.
After getting a 72-symbol token, you may use it in your authorization apps:
svc=token/login¶ms={"token":"<access_token>","operateAs":"<optional_sub_user>"}
The number of tokens per user is limited to one thousand.
Simplified form
The form is used for simple embedding into sites via iframe to quickly access one or more monitoring sites after authorization. By default, a link to the monitoring site will be created. Also, you may add links to other sites (using cms_url, lite_url, mobile_url, demo_url).
http://<host>/login_simple.html
http://<host>/login_simple.html?lang=...&cms_url=...&cms_title=...&lite_url=...&mobile_url=...&demo_title=...&demo_url=...&title=...&css_url=...
All the parameters are optional.
Name | Description |
|---|---|
lang | Language (en, ru, etc.). |
cms_url | URL to a CMS Manager site (for example, http://cms.wialon.com ). If stated, it will be added to the list of quick jump sites. |
cms_title | Link title for CMS Manager. |
lite_url | URL to a Wialon Hosting Lite site (for example, http://lite.wialon.com). |
lite_title | Link title for Wialon Hosting Lite. |
mobile_url | URL to a Wialon Mobile site (for example, http://m.wialon.com). |
mobile_title | Link title for Wialon Mobile. |
title | Link title for the monitoring site. |
demo_url | URL for demo access (for example, http://hosting.wialon.com/?token=<token>). |
demo_title | Link title for demo access. |
css_url | URL to a CSS file with the specified styles for login_simple.html. |