Authentication
Authentication is not part of the Racom-RPC protocol. User identity may be passed by some other means, and it is up to the server to enforce the correct permission model.
HTTP Implementation
The user identity is transferred as an identity token sent in the apikey HTTP header with each request. Creation and destruction of this token is handled by the login.cgi and logout.cgi endpoints on the server.
login.cgi
Warning
This is not a Racom-RPC call, but an HTTP request. Standard Racom-RPC attributes such as error or target are not applicable.
Creates a new session on the server. The session lasts for a set number of seconds after each RPC call. The session timeout value is returned in response to the device_constants_get RPC call.
Request
attribute | description |
---|---|
username* string | The identification of the user |
password* string | User's password |
language_code string | Identifies the active language of the client. default: en |
Response
The success or failure is indicated purely by HTTP status code.
200 - Success
400 - Invalid or missing credentials
500 - Server error
503 - Server is temporarily unavailable
If the login was successful (HTTP status 200), the following data must be returned:
attribute | description |
---|---|
token* string | The session id used for authentication of any subsequent calls. |
role* Role | Info about the currently logged-in user. |
Role
attribute | description |
---|---|
name* string | Active user's name |
permission* number | Active user's permission level (0 = root, 1000 = anonymous) |
logout.cgi
Warning
This is not a Racom-RPC call, but an HTTP request. Standard Racom-RPC attributes such as error or target are not applicable.
Calling this endpoint destroys the user's session on the server. The session to destroy is identified by the mandatory apikey header.
Response
The success or failure is indicated purely by HTTP status code.
200 - Success
400 - apikey header is missing or contains a token which does not match an active session
500 - Server error
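The session lifecycle described for login.cgi, the apikey header and logout.cgi can be modelled server-side as below. This is an added example, not code from the Racom implementation. Assumptions: the SessionStore class, the check_credentials callable (standing in for credential verification, which the page does not describe), the 256-bit token format and a headers dict keyed by lowercase names are all hypothetical; the 500 and 503 cases are not modelled.

```python
import secrets
import time


class SessionStore:
    """Session table for the login.cgi / apikey / logout.cgi flow (illustrative)."""

    def __init__(self, check_credentials, timeout_s, clock=time.monotonic):
        self.check_credentials = check_credentials  # hypothetical: returns a Role dict or None
        self.timeout_s = timeout_s                  # the session timeout value
        self.clock = clock                          # injectable so expiry can be tested
        self._sessions = {}                         # token -> [role, expiry time]

    def login(self, username, password):
        """Return (HTTP status, response body) for a login.cgi request."""
        role = self.check_credentials(username, password) if username and password else None
        if role is None:
            return 400, None                        # invalid or missing credentials
        token = secrets.token_urlsafe(32)           # 256 bits from the OS CSPRNG
        self._sessions[token] = [role, self.clock() + self.timeout_s]
        return 200, {"token": token, "role": role}

    def authenticate(self, headers):
        """Map the apikey header to a Role; None if absent, unknown or expired."""
        token = headers.get("apikey")
        entry = self._sessions.get(token) if token else None
        if entry is None:
            return None
        if self.clock() >= entry[1]:
            del self._sessions[token]               # expired: drop it, do not revive
            return None
        entry[1] = self.clock() + self.timeout_s    # timeout restarts after each call
        return entry[0]

    def logout(self, headers):
        """Return the HTTP status for a logout.cgi request."""
        if self.authenticate(headers) is None:
            return 400                              # header missing or no active session
        del self._sessions[headers["apikey"]]
        return 200
```

An RPC handler would call authenticate() on every request, so the timeout slides forward with each call and a destroyed or expired token stops working immediately.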