...
All API methods are protected by token authentication. A specified token is passed through http header 'Avalon-Api-Key'. A matching token must be configured in in Avalon's database. Creating and viewing tokens can be done via rake tasks.
| Code Block | ||
|---|---|---|
| ||
rake avalon:token:list
rake avalon:token:generate username=archivist email=archivist1@example.com
rake avalon:token:revoke username=archivist |
Every token is associated with an Avalon user. User sessions authenticated against an API token will assume the same authorization rights as the associated user. (NOTE: In pre-7.0 versions of Avalon, API token logins were granted admin user rights.)
...