Express Entry:Token Server: Difference between revisions

From Melissa Data Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(10 intermediate revisions by the same user not shown)
Line 6: Line 6:


==Using the Token Server==
==Using the Token Server==
Express Entry supports the use of authentication tokens to access the service. Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page.
Express Entry supports the use of authentication tokens to access the service. The token server is most often used when your license string must be concealed, such as in a web page using Express Entry that is facing the public.
 
Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page.


In order to implement the PHP and JavaScript sample:
In order to implement the PHP and JavaScript sample:
Line 18: Line 20:
The code is commented where the necessary changes (such as adding the License Key) are to be made.
The code is commented where the necessary changes (such as adding the License Key) are to be made.


You may also make a REST request to the token server which has the address <pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?</pre> with the parameters ‘L=[Insert your ident here]’ (without the brackets) and ‘&P=pkgExpressEntry’, to retrieve a token. For example, opening the page <pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[Ident]&P=pkgExpressEntry</pre> will return a token starting with ‘T:’. Also, for added security, you may pass your IP with '&IP=', which can then be used to detect unauthorized use of your tokens.
===REST===
You may also make a REST request to the token server. The service URL is:
<pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?</pre>
 
The available REST request parameters are:
<pre>
L=[LICENSE KEY]
&P=[PACKAGE OR PACKAGES]
&IP=[IP ADDRESS]
&TS=[TIMESPAN (optional)]
</pre>
 
A sample REST request would be:
<pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry&IP=[IP ADDRESS]&TS=0015</pre>
 
or if you have Geocoding enabled:
<pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry,PkgExpressEntryGeo&IP=[IP ADDRESS]&TS=0015</pre>
 
This returns a token starting with ‘T:’. The IP Address is optional added security. If you send the client IP Address in your public-facing web page setup, we can detect unauthorized use of your tokens and take preventative measures.
 
<code>&TS</code> controls the token lifetime. The argument <code>HHMM</code> will set the token timespan to <code>HH</code> hours and <code>MM</code> minutes, with a default and maximum of 24 hours 0 minutes. The minimum token lifetime is 10 minutes.
 
 
A sample REST response would be:
<pre>
<RequestTokenResponse>
    <result/>
    <token> T:pr6HTPwPUBeJ3XWpIC6UyC**Bc4ElmAuNlvsd7pri75pJL** </token>
</RequestTokenResponse>
</pre>
 
 
==Token Server Support Sample Project==
*[https://download.melissadata.com/SampleCodes/Current/DQWS3/ExpressEntry/TokenIP2.zip Token Server Support]
 
 
==Token Server Support Sample Code==
===PHP Code===
<pre>
<?php
  // change this to your License Key
  $License = '########';
 
  //APACHE - You can use any other ways to get your external IP. Make sure that its echoing external IP not internal LAN IP.
  //Depending on how secure or optimized you want to capture your IP address. You may want to change how IP is determined
  //EXAMPLE ONLY
  //$host= gethostname();
  //$ip = gethostbyname($host);
 
  //IIS
  //EXAMPLE ONLY
  $ip = gethostbyname($_SERVER['SERVER_NAME']);
  //check for function
  if ( !isset($_REQUEST['function']) )
    exit();
  else
    $func = $_REQUEST['function'];
    //get the token
      if ($func == 'gettoken')
      {
        //customize the token request
        //example for Check Action
        $xml = file_get_contents('http://token.melissadata.net/v3/web/Service.svc/RequestToken?L=' . $License . '&P=pkgExpressEntry&IP=' . $ip);
        //Personator Packages
        //pkgBorgCheck Personator Web Service (Check Action)
        //pkgBorgVerify Personator Web Service (Verify Action)
        //pkgBorgMoveUpdate Personator Web Service (Move Update Action)
        //pkgBorgAppend Personator Web Service (Append Action)
        //pkgBorgGeoCode Personator Web Service (Geocode Action)
        //pkgBorgGeoPoint Personator Web Service (GeoPoint Action)
        //pkgExpressEntry Express Entry
        //Global Address Packages
        //pkgIntAddressCheck Global Address Web Service
        //unpack the xml
        $xml_r = new SimpleXMLElement($xml);
        //grab out the token
        $token = (string)$xml_r->Token; 
 
        //send the token to the client in a json packet
        $data[] = array('token' => $token);
        //this encodes the data and sends it back to the client
        echo json_encode($data);
        flush();
      }
?>
</pre>
 
===JavaScript Code (for your web page)===
<pre>
var token;
window.onload = function()
{
  $.ajax(
  {
    type: "POST",
    // Your PHP server hostname or IP in the following line
    url: "http://192.168.13.237/licensekey.php", //NOTE:  ajax requires that the client and server side scripts be located on the same domain
    data: {function:"gettoken"},
    dataType: 'json',
    success: function(data)
    {
      token = data[0].token;
      //alert(token); // uncomment this if you want to see the token being returned
    }
  });
}
</pre>




[[Category:Cloud Services]]
[[Category:Cloud Services]]
[[Category:Express Entry]]
[[Category:Express Entry]]

Latest revision as of 16:07, 13 March 2024

← Global Express Entry

Express Entry Navigation
Introduction
Global Getting Started
Endpoints
ExpressAddress
ExpressCityState
ExpressFreeForm
ExpressPostalCode
ExpressStreet
GlobalExpressAddress
GlobalExpressCountry
GlobalExpressLocalityAdministrativeArea
GlobalExpressFreeForm
  ↳  Filtering Responses
GlobalExpressPostalCode
GlobalExpressThoroughfare
Examples
XML Response
JSON Response
Global XML Response
Global JSON Response
Token Server
Result Codes
Result Code Use
Express Entry Result Codes
Sample Code



Using the Token Server

Express Entry supports the use of authentication tokens to access the service. The token server is most often used when your license string must be concealed, such as in a web page using Express Entry that is facing the public.

Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page.

In order to implement the PHP and JavaScript sample:

  • The server must have PHP enabled.
  • The sample PHP must be loaded on the server and your License Key must be entered where marked in the code.
  • The JavaScript sample must be pasted into your webpage and edited with your IP information.
  • Both the PHP sample and the calling Javascript must be on the same domain.

Note that the page where the JavaScript resides must be in the same domain as the file containing the PHP token-handling code. This is due to ‘same origin policy’ of AJAX. If Express Entry does not respond with addresses after inserting/adding the Javascript and PHP code, make sure that the JavaScript is called from the same domain as the server hosting the PHP, and that the token variable is being used instead of your ident or License Key.

The code is commented where the necessary changes (such as adding the License Key) are to be made.

REST

You may also make a REST request to the token server. The service URL is:

https://token.melissadata.net/v3/web/Service.svc/RequestToken?

The available REST request parameters are:

L=[LICENSE KEY]
&P=[PACKAGE OR PACKAGES]
&IP=[IP ADDRESS]
&TS=[TIMESPAN (optional)]

A sample REST request would be:

https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry&IP=[IP ADDRESS]&TS=0015

or if you have Geocoding enabled:

https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry,PkgExpressEntryGeo&IP=[IP ADDRESS]&TS=0015

This returns a token starting with ‘T:’. The IP Address is optional added security. If you send the client IP Address in your public-facing web page setup, we can detect unauthorized use of your tokens and take preventative measures.

&TS controls the token lifetime. The argument HHMM will set the token timespan to HH hours and MM minutes, with a default and maximum of 24 hours 0 minutes. The minimum token lifetime is 10 minutes.


A sample REST response would be:

<RequestTokenResponse>
    <result/>
    <token> T:pr6HTPwPUBeJ3XWpIC6UyC**Bc4ElmAuNlvsd7pri75pJL** </token>
</RequestTokenResponse>


Token Server Support Sample Project


Token Server Support Sample Code

PHP Code

<?php
  // change this to your License Key
  $License = '########';

  //APACHE - You can use any other ways to get your external IP. Make sure that its echoing external IP not internal LAN IP.
  //Depending on how secure or optimized you want to capture your IP address. You may want to change how IP is determined
  //EXAMPLE ONLY
  //$host= gethostname();
  //$ip = gethostbyname($host);

  //IIS
  //EXAMPLE ONLY
  $ip = gethostbyname($_SERVER['SERVER_NAME']);
  //check for function
  if ( !isset($_REQUEST['function']) )
    exit();
  else
    $func = $_REQUEST['function'];
    //get the token
      if ($func == 'gettoken')
      {
        //customize the token request
        //example for Check Action
        $xml = file_get_contents('http://token.melissadata.net/v3/web/Service.svc/RequestToken?L=' . $License . '&P=pkgExpressEntry&IP=' . $ip);
        //Personator Packages
        //pkgBorgCheck Personator Web Service (Check Action)
        //pkgBorgVerify Personator Web Service (Verify Action)
        //pkgBorgMoveUpdate Personator Web Service (Move Update Action)
        //pkgBorgAppend Personator Web Service (Append Action)
        //pkgBorgGeoCode Personator Web Service (Geocode Action)
        //pkgBorgGeoPoint Personator Web Service (GeoPoint Action)
        //pkgExpressEntry Express Entry
        //Global Address Packages
        //pkgIntAddressCheck Global Address Web Service
        //unpack the xml
        $xml_r = new SimpleXMLElement($xml);
        //grab out the token
        $token = (string)$xml_r->Token;  

        //send the token to the client in a json packet
        $data[] = array('token' => $token);
        //this encodes the data and sends it back to the client
        echo json_encode($data);
        flush();
      }
?>

JavaScript Code (for your web page)

var token;
window.onload = function()
{
  $.ajax(
  {
    type: "POST",
    // Your PHP server hostname or IP in the following line
    url: "http://192.168.13.237/licensekey.php", //NOTE:  ajax requires that the client and server side scripts be located on the same domain
    data: {function:"gettoken"},
    dataType: 'json',
    success: function(data) 
    {
      token = data[0].token;
      //alert(token); // uncomment this if you want to see the token being returned
    }
  });
}