The Meridian API now includes token-based authentication, in addition to cookie-based session ID authentication.
When you post a login request using valid login credentials, the login API will return a token value.
When a valid login request is made, if there isn't a token, one is created. If there is a token, then the API will return the last created token.
/api/tokensendpoint to return all the current token values.
In order to use token authentication, include an Authorization header with the
Token 1ab2cd345ef12gh34h45h67f12gh34h45h6712gh value in every request.
Tokens do not expire, but they can be deleted.
There are two ways to delete tokens.
You can use the
/api/tokens endpoint to DELETE a token with a specific value.
When you POST to the
/api/logout endpoint with a token, it will delete the token.