Direct Inward Dialing: +1 408 916 9393
Free EditionNote : The Generate Authtoken API is not supported from ADManager Plus builds 7230 and above, as the authtoken generation support has been implemented in the ADManager Plus GUI.
This API is compatible with build 6583 to 7224.
To access ADManager Plus APIs from your application or service, you will need an authentication token from ADManager Plus, which can be obtained using the Generate AuthToken API.
Request URL (JSON) format: http://<hostname>:<port>/RestAPI/APIAuthToken
Request parameters:
| Parameter Name | Mandatory | Description | Supported build number |
| loginName | Yes | ||
| password | Yes | ||
| domainName | Yes | ||
| AuthToken | No | If included in the request, the given AuthToken will be invalidated | 7200 and above |
| authTokenName | No | A unique name for the authtoken, which will be generated | 7200 and above |
| expirationTime | No |
Validity period for the authtoken in Java milliseconds format, i.e., the number of milliseconds since January 1, 1970, 00:00:00 GMT
For example: The date January 1, 2023 can be represented as 1672511400000 Note: If not specified, the default expiration time of the authtoken will be set as the default domain's maximum password age |
7200 and above |
| scope | No | Scope of the authtoken to be generated
Enter one of these or a combination of the below mentioned scopes separated only by a comma: ME.ADMP.USER.CREATE ME.ADMP.COMPUTER.READ ME.ADMP.GROUP.CREATE ME.ADMP.OU.CREATE Note: If the scope is not provided, the generated Authtoken will have all the scopes; however, the help desk technician's delegation will have higher precedence |
Response 1: If 2FA is not enabled
The response will be a key/value pair in JSON format. The response string will include the following key.
| Parameter Name | Description |
| LoginStatusMessage | Status message for the request sent |
| AuthTicket | Authentication token to be used while using the other REST API's |
| ValidDate | Expiration time of the AuthTicket in Java milliseconds format, i.e., the number of milliseconds since January 1, 1970, 00:00:00 GMT |
| AuthTokenName | A unique name for the generated authtoken |
| domainNameList | Details about the domains in which the technician can perform Active Directory management actions |
Sample Input/Output:
Request:
http://localhost:8080/RestAPI/APIAuthToken?loginName=Testlogin&password=testpassword&domainName=TestDomain &authTokenName=test&expirationTime=1704047400000&scope=ME.ADMP.USER.READ,ME.ADMP.USER.CREATE
Response:
{
"LoginStatusMessage":"Success","LoginName":"Testlogin","LoginId":"1","ValidDate":"1704047400000","AuthTokenName": "test","LoginStatus": "true","AuthTicket":"6cd3830f-835f-4e7a-b6d1-7a87caffa4be"
}
Response 2: If 2FA is enabled
The following response will be obtained when making a request for the Generate Authtoken API when 2FA is enabled.
Response Parameters:
| Parameter Name | Description |
| LoginStatusMessage | Status message for the request sent |
| SessionToken | Unique token to be used for 2FA validation |
| TwoFactorDetails | Details of the 2FA mode configured for the technician in ADManager Plus |
Note:
Sample Input/Output:
Request:
http://localhost:8080/RestAPI/APIAuthToken?loginName=Testlogin&password=testpassword&domainName=TestDomain &authTokenName=test&scope=ME.ADMP.USER.READ&expirationTime= 1704047400000
Response when 2FA is enrolled:
{
"LoginStatusMessage": "Authentication success. Kindly use the session token acquired from the response and initiate the 2FA Verification API to generate Authtoken.",
"TwoFactorDetails": {
"tfa_provider_name": "Google Authenticator",
"is_tfa_enrolled": true,
"tfa_provider_mode": "TFA_GOOGLE_AUTHENTICATOR",
"is_tfa_enabled": true
},
"SessionToken": "7wed7ade-330f-409b-b3bf-8d45d07a6c93",
"LoginStatus": "true"
}
Response when 2FA is not enrolled:
{
"LoginStatusMessage": "Authentication success.Your administrator has enabled 2FA for your account. Please configure a 2FA method in ADManager Plus' web console.",
"TwoFactorDetails": {
"is_tfa_enrolled": false,
"is_tfa_enabled": true
},
"LoginStatus": "true"
}
Once the SessionToken and other information is obtained from the above steps, follow the below steps to complete 2FA authentication.
2FA Verification API:
This API performs 2FA Authentication for the technician account provided in Generate Authtoken API and generates Authtoken.
Request URL: http://<host_name>:<port>/RestAPI/VerifyTFA
Request Parameters:
| Parameter Name | Mandatory | Description |
| sessionToken | Yes | Unique token obtained from Generate Authtoken API response. |
| secretCode | Yes | The OTP generated for the technician in the corresponding app based on the configured 2FA mode. |
Response:
| Parameter Name | Description |
| LoginStatusMessage | Status message for the request sent |
| AuthTicket | Authentication token to be used while using the other REST API's |
| ValidDate | Expiration time of the AuthTicket in Java milliseconds format, i.e., the number of milliseconds since January 1, 1970, 00:00:00 GMT |
| AuthTokenName | A unique name for the generated authtoken |
Note:
Sample Input/Output:
Request:
http://localhost:8080/RestAPI/VerifyTFA?sessionToken=d1opca6d-12sd-4aa9-ac33-d2440657ad92&secretCode=835711
Response:
{
"LoginStatusMessage":"Success","LoginName":"Testlogin","LoginId":"1","ValidDate":"1704047400000","AuthTokenName": "test","LoginStatus": "true","AuthTicket":"6cd3830f-835f-4e7a-b6d1-7a87caffa4be"
}
NOTE:
Reserved characters include ; / ? : @ = &
Unsafe characters include < > # % { } | \ ^ ~ [ ] ` "'
