Skip to main content

Authentication and authorization

The Enterprise Manager REST API uses the BASIC HTTP authorization scheme to authenticate callers and create a client session. A client session is established using the Login method, which returns the special header “EnterpriseManager.APISessionID” with a value (session token) that needs to be sent as a request header in any subsequent requests.

A session token expires 5 minutes after the last request. After the session expires, the caller must re-authenticate to establish a new session.

Authorization for performing a specific REST request relies on permission, assigned to the authenticated user either directly or by means of group membership. Each REST request requires a minimum role, which is specified in the section describing the request.