Page tree

Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


All API methods are protected by token authentication. A specified token is passed through http header 'Avalon-Api-Key'. A matching token must be configured in in Avalon's database. Creating and viewing tokens can be done via rake tasks.

Code Block
rake avalon:token:list
rake avalon:token:generate username=archivist
rake avalon:token:revoke username=archivist

Every token is associated with an Avalon user. User sessions authenticated against an API token will assume the same authorization rights as the associated user. (NOTE: In pre-7.0 versions of Avalon, API token logins were granted admin user rights.)