[rt-users] REST Interface and Authentication

Shawn M Moore sartak at bestpractical.com
Wed Jun 11 07:29:05 EDT 2008


On Wed, Jun 11, 2008 at 11:51:37AM +0200, Martin BOULADOUR wrote:
> Hi everybody,

Hi Martin,

> I'm a new subscriber to this list. I'm french, so don't be too harsh with
> my mistakes. :)

Your English is fine! Welcome to RT land. :)

> The problem is that there is nothing to inform about the result of the
> login action. The HTTP response is the same in both cases (success,
> failure). The only thing that informs about that is the "Not logged in."
> string in the HTML. I think that looking for that string in the HTTP
> response body is a very bad way to know if the returned token is valid or
> not.

We can probably include a header that tells you that login failed.

> Is there another way to do that? Does the REST interface provide something
> to log in? If you do use the REST interface with one of your programmes,
> what do you do to get a valid session token?

The REST interface accepts "user" and "pass" parameters. If you're using
Perl, the code will look something like:

    $mech->post("$baseurl/REST/1.0/search/ticket", [
        user  => "root",
        pass  => "password",
        query => "queue='foo'",
    ]);

> Best regards,
> 
> Martin Bouladour

Shawn




More information about the rt-users mailing list