Get security token | POST /token/v2

For web application or mini program, we sugguest to generate access token by your server instead of using APIKey signature, to avoid disclosure of your API Secret in your program.

STS get-Token URL is as follow. HTTPs is required.

Action

POST /token/v2

Authentication

Yes

Request parameters

Field

Type

Required

Description

apikey

String(base64 encoded)

Yes

Use APIKey from www.easyar.com

expires

Int

Yes

Define your Security Token expire time. (Unit: second)

acl

String

No

ACL json is transformed to string.

Example for request

POST /token/v2 HTTP/1.1
Host:
Date: Mon, 1 Jan 2018 00:00:00 GMT
Content-Type: application/json
{
  "apiKey": "Your APIKey",
  "expires": 3600,
  "timestamp": 1550469858000,
  /* JSON.stringify
  "acl": [{
    "service": "ecs:armap",
    "effect": "Allow",
    "resource": [
        "Your spatialmap cloud ID"
    ],
    "permission": ["READ"]
  }],
  */
  "signature": "6e71edb158...b206acf7eb"
}

Request Field

acl: Array of ACL block, each ACL block is comprised of {service, effect, resource, permission}. Then stringify json array.

service: service tyoe.

resource: appId. Example: start spatialmap service and crete a spacemap mapbase, we define an appId.

effect: Allow or Deny

permission: READ or WRITE

Example for Response

{
  "result": {
    "apiKey": "1ab2c85790aefd1eeeccf030211cf252",
    "expires": 3600,
    "token": "Prn3iSlG4...suoHg==",
    "expiration": "2019-02-18T07:04:19.478Z"
  },
  "timestamp": 1550469858000,
  "msg": "api key invalid",
  "statusCode": 0
}

Example for error response

{
    "timestamp": 1550469858000,
    "message": "api key invalid",
    "statusCode": 4001011
}

Request Field

token:use token as passport during app usage. Put token into http header in all business API request: {“Authorization”: “Prn3iSlG4…suoHg==”}. Remember request your business API with parameter : appId.

expiration: refresh new token when token expired.