AuthToken
 

Generate AuthToken API

Note: The Generate AuthToken API is not supported in ADManager Plus builds 7230 and above, because authtoken generation is now available in the ADManager Plus GUI.

This API is compatible with build 6583 to 7224.

To access ADManager Plus APIs from your application or service, you will need an authentication token from ADManager Plus, which can be obtained using the Generate AuthToken API.

Request URL (JSON) format: http://<hostname>:<port>/RestAPI/APIAuthToken

Request parameters:

| Parameter Name | Mandatory | Description | Supported build number |
|---|---|---|---|
| loginName | Yes | | |
| password | Yes | | |
| domainName | Yes | | |
| AuthToken | No | If included in the request, the given AuthToken will be invalidated | 7200 and above |
| authTokenName | No | A unique name for the authtoken, which will be generated | 7200 and above |
| expirationTime | No | Validity period for the authtoken in Java milliseconds format, i.e., the number of milliseconds since January 1, 1970, 00:00:00 GMT. For example: The date January 1, 2023 can be represented as 1672511400000. Note: If not specified, the default expiration time of the authtoken will be set as the default domain's maximum password age | 7200 and above |
| scope | No | Scope of the authtoken to be generated. Enter one of the scopes listed below the table, or a combination of them separated only by a comma | |

Scopes:

ME.ADMP.USER.CREATE
ME.ADMP.USER.READ
ME.ADMP.USER.UPDATE
ME.ADMP.USER.DELETE

ME.ADMP.COMPUTER.READ
ME.ADMP.COMPUTER.UPDATE
ME.ADMP.COMPUTER.DELETE

ME.ADMP.GROUP.CREATE
ME.ADMP.GROUP.READ
ME.ADMP.GROUP.UPDATE
ME.ADMP.GROUP.DELETE

ME.ADMP.OU.CREATE
ME.ADMP.OU.READ
ME.ADMP.OU.DELETE

Note: If the scope is not provided, the generated Authtoken will have all the scopes; however, the help desk technician's delegation will have higher precedence

Response 1: If 2FA is not enabled

The response will be a set of key/value pairs in JSON format. The response string will include the following keys.

| Parameter Name | Description |
|---|---|
| LoginStatusMessage | Status message for the request sent |
| AuthTicket | Authentication token to be used while using the other REST APIs |
| ValidDate | Expiration time of the AuthTicket in Java milliseconds format, i.e., the number of milliseconds since January 1, 1970, 00:00:00 GMT |
| AuthTokenName | A unique name for the generated authtoken |
| domainNameList | Details about the domains in which the technician can perform Active Directory management actions |

Sample Input/Output:

Request:

http://localhost:8080/RestAPI/APIAuthToken?loginName=Testlogin&password=testpassword&domainName=TestDomain&authTokenName=test&expirationTime=1704047400000&scope=ME.ADMP.USER.READ,ME.ADMP.USER.CREATE

Response:

{
"LoginStatusMessage": "Success",
"LoginName": "Testlogin",
"LoginId": "1",
"ValidDate": "1704047400000",
"AuthTokenName": "test",
"LoginStatus": "true",
"AuthTicket": "6cd3830f-835f-4e7a-b6d1-7a87caffa4be"
}

Response 2: If 2FA is enabled

The following response will be obtained when making a request for the Generate Authtoken API when 2FA is enabled.

Response Parameters:

| Parameter Name | Description |
|---|---|
| LoginStatusMessage | Status message for the request sent |
| SessionToken | Unique token to be used for 2FA validation |
| TwoFactorDetails | Details of the 2FA mode configured for the technician in ADManager Plus |

Note:

  • SessionToken received in response will expire in 5 minutes.
  • 2FA Verification API does not support DUO Security.

Sample Input/Output:

Request:

http://localhost:8080/RestAPI/APIAuthToken?loginName=Testlogin&password=testpassword&domainName=TestDomain&authTokenName=test&scope=ME.ADMP.USER.READ&expirationTime=1704047400000

Response when 2FA is enrolled:

{
"LoginStatusMessage": "Authentication success. Kindly use the session token acquired from the response and initiate the 2FA Verification API to generate Authtoken.",
"TwoFactorDetails": {
"tfa_provider_name": "Google Authenticator",
"is_tfa_enrolled": true,
"tfa_provider_mode": "TFA_GOOGLE_AUTHENTICATOR",
"is_tfa_enabled": true
},
"SessionToken": "7wed7ade-330f-409b-b3bf-8d45d07a6c93",
"LoginStatus": "true"
}

Response when 2FA is not enrolled:

{
"LoginStatusMessage": "Authentication success.Your administrator has enabled 2FA for your account. Please configure a 2FA method in ADManager Plus' web console.",
"TwoFactorDetails": {
"is_tfa_enrolled": false,
"is_tfa_enabled": true
},
"LoginStatus": "true"
}

Once the SessionToken and the other information are obtained from the above steps, follow the steps below to complete 2FA authentication.

2FA Verification API:

This API performs 2FA authentication for the technician account provided in the Generate Authtoken API call and generates the Authtoken.

Request URL: http://<host_name>:<port>/RestAPI/VerifyTFA

Request Parameters:

| Parameter Name | Mandatory | Description |
|---|---|---|
| sessionToken | Yes | Unique token obtained from Generate Authtoken API response. |
| secretCode | Yes | The OTP generated for the technician in the corresponding app based on the configured 2FA mode. |

Response:

| Parameter Name | Description |
|---|---|
| LoginStatusMessage | Status message for the request sent |
| AuthTicket | Authentication token to be used while using the other REST APIs |
| ValidDate | Expiration time of the AuthTicket in Java milliseconds format, i.e., the number of milliseconds since January 1, 1970, 00:00:00 GMT |
| AuthTokenName | A unique name for the generated authtoken |

Note:

  • The scope, expirationTime and authtokenName provided in Generate Authtoken API call will be applied as such for generating the authtoken after 2FA verification.

Sample Input/Output:

Request:

http://localhost:8080/RestAPI/VerifyTFA?sessionToken=d1opca6d-12sd-4aa9-ac33-d2440657ad92&secretCode=835711

Response:

{
"LoginStatusMessage": "Success",
"LoginName": "Testlogin",
"LoginId": "1",
"ValidDate": "1704047400000",
"AuthTokenName": "test",
"LoginStatus": "true",
"AuthTicket": "6cd3830f-835f-4e7a-b6d1-7a87caffa4be"
}

NOTE:

  • The default admin account will not be considered as a help desk technician.
  • Ensure that you URL-encode all the special and reserved characters used in REST API requests. Since the client sending the request (browser, Postman or third-party tools) is outside ADManager Plus, encoding the URL for special, reserved and unsafe characters is solely the user's responsibility.

    Reserved characters include ; / ? : @ = &
    Unsafe characters include < > # % { } | \ ^ ~ [ ] ` "'
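
An added example (not ManageEngine's code) of a client for the flow documented above: it builds the Generate AuthToken and VerifyTFA request URLs with percent-encoding, insists on explicit scopes from the list on this page, converts a time-zone-aware expiry to Java milliseconds, and decides the next step from the response body. The function names are hypothetical, and treating any response without LoginStatus "true" as a failure is an assumption, since this page shows only successful responses.

```python
import json
from datetime import datetime, timedelta, timezone
from urllib.parse import quote, urlencode

# Scopes listed in the request-parameter table of this page.
KNOWN_SCOPES = {f"ME.ADMP.{obj}.{op}" for obj, ops in {
    "USER": "CREATE READ UPDATE DELETE", "COMPUTER": "READ UPDATE DELETE",
    "GROUP": "CREATE READ UPDATE DELETE", "OU": "CREATE READ DELETE",
}.items() for op in ops.split()}

def to_java_millis(dt):
    """Milliseconds since 1970-01-01 00:00:00 GMT; naive datetimes are refused."""
    if dt.tzinfo is None:
        raise ValueError("expiration needs an explicit time zone")
    return int(dt.timestamp()) * 1000

def _url(base, path, params):
    # Percent-encode reserved characters (& = ? # % ...); the comma that
    # separates scopes is left literal, as in the page's sample request.
    return f"{base}/RestAPI/{path}?" + urlencode(params, quote_via=quote, safe=",")

def authtoken_url(base, login, password, domain, name, expires, scopes):
    # Choice made by this example: never fall back to the all-scopes default.
    unknown = set(scopes) - KNOWN_SCOPES
    if not scopes or unknown:
        raise ValueError(f"request explicit, known scopes; rejected: {sorted(unknown)}")
    return _url(base, "APIAuthToken", {
        "loginName": login, "password": password, "domainName": domain,
        "authTokenName": name, "expirationTime": to_java_millis(expires),
        "scope": ",".join(scopes)})

def verify_tfa_url(base, session_token, otp):
    return _url(base, "VerifyTFA", {"sessionToken": session_token, "secretCode": otp})

def classify_response(body):
    """Map a response body to (state, value) so the caller knows the next step."""
    r = json.loads(body)
    tfa = r.get("TwoFactorDetails", {})
    if r.get("LoginStatus") != "true":    # assumption: failure shape is not documented here
        return ("failed", r.get("LoginStatusMessage"))
    if "AuthTicket" in r:                  # 2FA off, or VerifyTFA succeeded
        return ("token", r["AuthTicket"])
    if "SessionToken" in r:                # expires in 5 minutes; pass to VerifyTFA
        return ("needs_2fa", r["SessionToken"])
    if tfa.get("is_tfa_enabled") and not tfa.get("is_tfa_enrolled"):
        return ("enroll_2fa", r.get("LoginStatusMessage"))
    return ("failed", r.get("LoginStatusMessage"))

if __name__ == "__main__":
    ist = timezone(timedelta(hours=5, minutes=30))  # offset that reproduces the sample value
    print(authtoken_url("http://localhost:8080", "Testlogin", "p@ss&w=rd#1", "TestDomain",
                        "test", datetime(2024, 1, 1, tzinfo=ist), ["ME.ADMP.USER.READ"]))
```

The sample value 1704047400000 used on this page is midnight on January 1, 2024 at UTC+05:30, not midnight GMT, which is why the helper refuses datetimes without a time zone. Because the password is a query parameter, it is recorded wherever request URLs are logged (server and proxy access logs, shell history), and over plain http, as in the samples, it crosses the network unencrypted.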
