Authentication using authentication header method
Last updated May 23, 2017 Cloud API
This authentication method is new in Cloud 4.6, API minor version 7.
When a client uses the authentication header method of authentication, it means the client authenticates with the StarLeaf Cloud as an ‘integration’. The ‘integration’ behaves like a ‘user’ and can have administrator access to an organization or not. If you develop a client for creating and managing conferences and that client uses this method of authentication, those conferences will be ‘owned’ by the integration rather than by a real user. The authentication header method of authentication is preferred where it is appropriate because it is easier to implement.
When you generate the integration, you will specify if it will have ‘administrator privileges’. Your client requires administrator privileges if it will add users.
Requirements for authenticating
To authenticate using the authentication header method, the client requires the following values:
- token header name: hard-coded to X-SL-AUTH-TOKEN
- token header value: a unique access token, generated per-integration, in the StarLeaf Portal
All requests must include the token header.
To generate the access token:
- Ensure that the organization account has custom integrations enabled. (If it does not, contact StarLeaf Support.)
- Log in to the StarLeaf Portal: https://portal.starleaf.com .
- Go to Integrations > Add integration:
- Type: Custom integration
- Name: Provide a name for this integration
- If your client will add users, enable Administrator privileges
- Click Apply. You will see the access token.
Note that the image only shows an example. You must follow this process for the organization that the client will modify.
It is worth remembering that the access token provides login access to the organization. Therefore, keep it secret. If you think security of the token had been compromised, regenerate the token.
You can regenerate the access token at any time (Portal > Integrations > Edit integration). If you do so, any client that is using the integration will be prevented from accessing the StarLeaf Cloud API server until somebody reconfigures it with the new access token.