Token Authentication

The Meridian API now includes token-based authentication, in addition to cookie-based session ID authentication.

Login API

When you post a login request using valid login credentials, the login API will return a token value.

When a valid login request is made, if there isn't a token, one is created. If there is a token, then the API will return the last created token.

Use the /api/tokens endpoint to return all the current token values.

In order to use token authentication, include an Authorization header with the Token 1ab2cd345ef12gh34h45h67f12gh34h45h6712gh value in every request.

Tokens do not expire, but they can be deleted.

Deleting Tokens

There are two ways to delete tokens.

You can use the /api/tokens endpoint to DELETE a token with a specific value.

When you POST to the /api/logout endpoint with a token, it will delete the token.