Api.login - Siemens SIMATIC S7-1500 Function Manual

Web pages
3.20 API (Application Programming Interface)
3.20.2.1

Api.Login

The Api.Login method checks the login data of the user and on successful verification opens
a new Web API session. The method requests the name and the password of the user in
plain text as proof of authorization. The user name and the password are encrypted before
they are transferred to the server.
Example
The following example shows the parameters required to call the Api.Login method.
{
"user": "User1",
"password": "SecurePassword"
}
After successful authentication the user receives a token. The token shows the user as an
authenticated user against the API.
{
"token": "eG9mcHdhaGR0dWVsdm5teGFxcGw="
}
Token
The token comprises a 28-byte string. The token is transferred in encrypted form.
For every additional request which requires authentication, you have to specify the assigned
token. If further communication no longer takes place in the meantime, the token becomes
invalid after maximum 2.5 minutes. Each new request within a session extends the validity of
the token by another 2 to 2.5 minutes (calculated from the completion of the request
processing by the server).
The token is not required for methods that do not require authentication. However, you can
still enter the token.
When you call the Api.Ping method without a token, for example, the session is not extended
because the CPU cannot assign a token to the user.
The following methods work with and without tokens:
● Api.Browse
● Api.Ping
● Api.GetPermissions
User "Everybody"
The "Everybody" user is defined without assignment of a password.
If you want to authenticate yourself as the user "Everybody", send "Everybody" as user and
an empty password ("").
You can find a detailed description of the "Everybody" user in section Configuring the Web
server (Page 19).
162
Function Manual, 11/2019, A5E03484625-AG
Web server