Flussonic Watcher documentation

Auto-login

Flussonic Watcher allows its users to login by a special URL (auto-login link), without entering a password. This may be necessary if you want to simplify the access to Flussonic Watcher for your users or prevent the transfer of passwords to third parties.

The auto-login link is issued to an authorized client.

In order to generate a URL for auto-login, you must first request a token by using the link /vsaas/api/generate-autologin-token. After that, the user can be authorized via POST to /vsaas/autologin.

Follow the steps:

1) First, generate an administrator's token. To do so, you'll need the KEY API. The KEY API is shown in the Flussonic Watcher administrative interface (admin panel, Watcher UI) on the Settings page.

sign = md5(salt + ":" + utc + ":" + api_key)
admin_token = salt + ":" + utc + ":" + sign

Where:

  • salt — any random string;
  • utc — the current UTC time in seconds;
  • api_key — API key from the settings page of the Flussonic Watcher admin panel.

The generated token has a finite lifetime and is bound to the specified time in UTC. For example, if

  • salt = "20a666"
  • utc = "1487258700"
  • api_key = "HELLO"

then the final resulting admin_token will be: "20a666: 1487258700: 4b60f36de708e5b3472155db2fea990a"

2) So, the admin token is ready, now you need to get a token for the autologin of a particular user. To do this, you'll need to make a POST request in JSON-format:

curl --header "X-Vsaas-Api-Key: ADMIN_TOKEN" --header "Content-Type: application/json" --request POST --data '{"login": LOGIN, "valid_till": VALID_TILL, "lifetime": LIFETIME}' "http://watcher.com/vsaas/api/generate-autologin-token" 
  • ADMIN_TOKEN — the token generated in step 1. This token is transmitted in the HTTP headerX-Vsaas-Api-Key.
  • LOGIN — login (the same as an email) of the user to whom you want to give access. Line. Required.
  • VALID_TILL — the UTC time in seconds until this token is valid for autologin. Integer. Optional parameter.
  • LIFETIME — the duration of the session opened through the autologin, in seconds. Integer. Optional parameter.

The response will be in the JSON format:

{
    "autologin_token": "demo:1487258314:f8b1:b4bdaac58cbe94638e5b14a3728b8e6d633f3c6e", 
    "success": true
}

You'll need this autologin_token.

3) The autologin_token received in step 2 is used for the POST request to Flussonic Watcher. For example, this way:

<form action="http://watcher.com/vsaas/autologin" method="POST">
  <input type="hidden" name="autologin_token" value="AUTOLOGIN_TOKEN" />
  <input type="submit" />
</form>

At the click on the submit button, the user will be logged in automatically into the Flussonic Watcher web interface.