Get security token | POST /token/v2

For web application or mini program, we sugguest to generate access token by your server instead of using APIKey signature, to avoid disclosure of your API Secret in your program.

STS get-Token URL is as follow. HTTPs is required.

Action

POST /token/v2

Authentication

Yes

Request parameters

Field

Type

Required

Description

apiKey

String

Yes

Use APIKey from www.easyar.com

expires

Long

Yes

Define your Security Token expire time. (Unit: second)

acl

String

No

ACL json is transformed to string.

timestamp

Long

Yes

timstamp,(Unit: millisecond)

signature

String

Yes

Please visit

acl

acl: Array of ACL block, each ACL block is comprised of {service, effect, resource, permission}. Then stringify json array.

service: service type. support ecs:crs (CRS), ecs:spatialmap (SpatialMap).

resource: appId. Example: start spatialmap service and crete a spacemap mapbase, we define an appId.

effect: Allow or Deny

permission: READ or WRITE

Example for request

POST /token/v2 HTTP/1.1
Host:
Date: Mon, 1 Jan 2018 00:00:00 GMT
Content-Type: application/json
{
  "apiKey": "Your APIKey",
  "expires": 3600,
  "timestamp": 1550469858000,
  "acl": "[{\"service\":\"ecs:spatialmap\",\"effect\":\"Allow\",\"resource\":[\"SpatialMap AppId\"],\"permission\":[\"READ\"]}]",
  "signature": "6e71edb158...b206acf7eb"
}

Example for Response

{
  "result": {
    "apiKey": "1ab2c85790aefd1eeeccf030211cf252",
    "expires": 3600,
    "token": "Prn3iSlG4...suoHg==",
    "expiration": "2019-02-18T07:04:19.478Z"
  },
  "timestamp": 1550469858000,
  "msg": "api key invalid",
  "statusCode": 0
}

Example for error response

{
    "timestamp": 1550469858000,
    "message": "api key invalid",
    "statusCode": 4001011
}

Request Field

token:use token as passport during app usage. Put token into http header in all business API request: {“Authorization”: “Prn3iSlG4…suoHg==”}. Remember request your business API with parameter : appId.

expiration: refresh new token when token expired.