/services/v2/auth/cookiesso/token.json

Request
POST /services/v2/auth/cookiesso/token.json
Header AnswerHubCookieSSO=cookie_value

Response
{ "jwt": "jwt_value"}

🚧
Permissions & Notes:

The user being used to make the API request must have the role "Use API" found in the "other roles" permissions granted. Subsequent API access calls made with the JWT token will continue to depend upon the permissions of the user with respect to the particular call being made.

We added this endpoint in version 2.18.0

Sample Request

Use cookie-sso auth to get a token:

curl -H "Cookie: ssoCookieName=ssoCookieValue" -H "Accept: application/json" -H "Content-type: application/json" -X POST "https://hostname/services/v2/auth/token.json"

ssoCookieName - The cookie name configured in the Admin -> Users & Groups -> Settings -> SSO Authentication -> Cookie Handling page

ssoCookieValue - The cookie used to authentication users as configured in the SSO Authentication configuration

hostname - The hostname for the AnswerHub instance

Use the token to execute a GET:

curl -H "Accept: application/json" -H "Content-type: application/json" -H "Authorization: Bearer idToken" -X GET "https://hostname/services/v2/user.json"

idToken - The authentication token retrieved from the call above
hostname - The hostname for the AnswerHub instance

curl 
-H "Cookie: ssoCookieName=ssoCookieValue"
-H "Accept: application/json" 
-H "Content-type: application/json" 
-X POST "https://hostname/services/v2/auth/token.json"

Expected Response

Successful Response:

HTTP Status 200 - OK is returned with JWT in payload where valid user in cookie

UnSuccessful Responses:

HTTP Status 400 - Bad Request is returned for No cookie specified or ill-formatted cookie specified
HTTP Status 401 - May be error condition on subsequent API calls made for other actions using the token if the user does not have USE_API permission, or user lacks the specific permissions related to the API action.

Community User Interface Result

Actions in the UI will relate to the corresponding API executed with the token.
No UI activity is expected from the Token request itself