Express Entry:Token Server: Difference between revisions
No edit summary |
|||
(15 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{{ExpressEntryNav | {{ExpressEntryNav | ||
|TokenServerCollapse= | |||
}} | }} | ||
Line 5: | Line 6: | ||
==Using the Token Server== | ==Using the Token Server== | ||
Express Entry supports the use of authentication tokens to access the service. Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page. | Express Entry supports the use of authentication tokens to access the service. The token server is most often used when your license string must be concealed, such as in a web page using Express Entry that is facing the public. | ||
Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page. | |||
In order to implement the PHP and JavaScript sample: | In order to implement the PHP and JavaScript sample: | ||
*The server must have PHP enabled. | *The server must have PHP enabled. | ||
*The sample PHP must be loaded on the server and your | *The sample PHP must be loaded on the server and your License Key must be entered where marked in the code. | ||
*The JavaScript sample must be pasted into your webpage and edited with your IP information. | *The JavaScript sample must be pasted into your webpage and edited with your IP information. | ||
*Both the PHP sample and the calling Javascript must be on the same domain. | *Both the PHP sample and the calling Javascript must be on the same domain. | ||
Note that the page where the JavaScript resides must be in the same domain as the file containing the PHP token-handling code. This is due to ‘same origin policy’ of AJAX. If Express Entry does not respond with addresses after inserting/adding the Javascript and PHP code, make sure that the JavaScript is called from the same domain as the server hosting the PHP, and that the token variable is being used | Note that the page where the JavaScript resides must be in the same domain as the file containing the PHP token-handling code. This is due to ‘same origin policy’ of AJAX. If Express Entry does not respond with addresses after inserting/adding the Javascript and PHP code, make sure that the JavaScript is called from the same domain as the server hosting the PHP, and that the token variable is being used instead of your ident or License Key. | ||
The code is commented where the necessary changes (such as adding the License Key) are to be made. | |||
===REST=== | |||
You may also make a REST request to the token server. The service URL is: | |||
<pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?</pre> | |||
The available REST request parameters are: | |||
<pre> | |||
L=[LICENSE KEY] | |||
&P=[PACKAGE OR PACKAGES] | |||
&IP=[IP ADDRESS] | |||
&TS=[TIMESPAN (optional)] | |||
</pre> | |||
A sample REST request would be: | |||
<pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry&IP=[IP ADDRESS]&TS=0015</pre> | |||
or if you have Geocoding enabled: | |||
<pre>https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry,PkgExpressEntryGeo&IP=[IP ADDRESS]&TS=0015</pre> | |||
This returns a token starting with ‘T:’. The IP Address is optional added security. If you send the client IP Address in your public-facing web page setup, we can detect unauthorized use of your tokens and take preventative measures. | |||
<code>&TS</code> controls the token lifetime. The argument <code>HHMM</code> will set the token timespan to <code>HH</code> hours and <code>MM</code> minutes, with a default and maximum of 24 hours 0 minutes. The minimum token lifetime is 10 minutes. | |||
A sample REST response would be: | |||
<pre> | |||
<RequestTokenResponse> | |||
<result/> | |||
<token> T:pr6HTPwPUBeJ3XWpIC6UyC**Bc4ElmAuNlvsd7pri75pJL** </token> | |||
</RequestTokenResponse> | |||
</pre> | |||
==Token Server Support Sample Project== | |||
*[https://download.melissadata.com/SampleCodes/Current/DQWS3/ExpressEntry/TokenIP2.zip Token Server Support] | |||
==Token Server Support Sample Code== | |||
===PHP Code=== | |||
<pre> | |||
<?php | |||
// change this to your License Key | |||
$License = '########'; | |||
//APACHE - You can use any other ways to get your external IP. Make sure that its echoing external IP not internal LAN IP. | |||
//Depending on how secure or optimized you want to capture your IP address. You may want to change how IP is determined | |||
//EXAMPLE ONLY | |||
//$host= gethostname(); | |||
//$ip = gethostbyname($host); | |||
//IIS | |||
//EXAMPLE ONLY | |||
$ip = gethostbyname($_SERVER['SERVER_NAME']); | |||
//check for function | |||
if ( !isset($_REQUEST['function']) ) | |||
exit(); | |||
else | |||
$func = $_REQUEST['function']; | |||
//get the token | |||
if ($func == 'gettoken') | |||
{ | |||
//customize the token request | |||
//example for Check Action | |||
$xml = file_get_contents('http://token.melissadata.net/v3/web/Service.svc/RequestToken?L=' . $License . '&P=pkgExpressEntry&IP=' . $ip); | |||
//Personator Packages | |||
//pkgBorgCheck Personator Web Service (Check Action) | |||
//pkgBorgVerify Personator Web Service (Verify Action) | |||
//pkgBorgMoveUpdate Personator Web Service (Move Update Action) | |||
//pkgBorgAppend Personator Web Service (Append Action) | |||
//pkgBorgGeoCode Personator Web Service (Geocode Action) | |||
//pkgBorgGeoPoint Personator Web Service (GeoPoint Action) | |||
//pkgExpressEntry Express Entry | |||
//Global Address Packages | |||
//pkgIntAddressCheck Global Address Web Service | |||
//unpack the xml | |||
$xml_r = new SimpleXMLElement($xml); | |||
//grab out the token | |||
$token = (string)$xml_r->Token; | |||
//send the token to the client in a json packet | |||
$data[] = array('token' => $token); | |||
//this encodes the data and sends it back to the client | |||
echo json_encode($data); | |||
flush(); | |||
} | |||
?> | |||
</pre> | |||
===JavaScript Code (for your web page)=== | |||
<pre> | |||
var token; | |||
window.onload = function() | |||
{ | |||
$.ajax( | |||
{ | |||
type: "POST", | |||
// Your PHP server hostname or IP in the following line | |||
url: "http://192.168.13.237/licensekey.php", //NOTE: ajax requires that the client and server side scripts be located on the same domain | |||
data: {function:"gettoken"}, | |||
dataType: 'json', | |||
success: function(data) | |||
{ | |||
token = data[0].token; | |||
//alert(token); // uncomment this if you want to see the token being returned | |||
} | |||
}); | |||
} | |||
</pre> | |||
[[Category:Cloud Services]] | [[Category:Cloud Services]] | ||
[[Category:Express Entry]] | [[Category:Express Entry]] |
Latest revision as of 16:07, 13 March 2024
Using the Token Server
Express Entry supports the use of authentication tokens to access the service. The token server is most often used when your license string must be concealed, such as in a web page using Express Entry that is facing the public.
Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page.
In order to implement the PHP and JavaScript sample:
- The server must have PHP enabled.
- The sample PHP must be loaded on the server and your License Key must be entered where marked in the code.
- The JavaScript sample must be pasted into your webpage and edited with your IP information.
- Both the PHP sample and the calling Javascript must be on the same domain.
Note that the page where the JavaScript resides must be in the same domain as the file containing the PHP token-handling code. This is due to ‘same origin policy’ of AJAX. If Express Entry does not respond with addresses after inserting/adding the Javascript and PHP code, make sure that the JavaScript is called from the same domain as the server hosting the PHP, and that the token variable is being used instead of your ident or License Key.
The code is commented where the necessary changes (such as adding the License Key) are to be made.
REST
You may also make a REST request to the token server. The service URL is:
https://token.melissadata.net/v3/web/Service.svc/RequestToken?
The available REST request parameters are:
L=[LICENSE KEY] &P=[PACKAGE OR PACKAGES] &IP=[IP ADDRESS] &TS=[TIMESPAN (optional)]
A sample REST request would be:
https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry&IP=[IP ADDRESS]&TS=0015
or if you have Geocoding enabled:
https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE KEY]&p=pkgExpressEntry,PkgExpressEntryGeo&IP=[IP ADDRESS]&TS=0015
This returns a token starting with ‘T:’. The IP Address is optional added security. If you send the client IP Address in your public-facing web page setup, we can detect unauthorized use of your tokens and take preventative measures.
&TS
controls the token lifetime. The argument HHMM
will set the token timespan to HH
hours and MM
minutes, with a default and maximum of 24 hours 0 minutes. The minimum token lifetime is 10 minutes.
A sample REST response would be:
<RequestTokenResponse> <result/> <token> T:pr6HTPwPUBeJ3XWpIC6UyC**Bc4ElmAuNlvsd7pri75pJL** </token> </RequestTokenResponse>
Token Server Support Sample Project
Token Server Support Sample Code
PHP Code
<?php // change this to your License Key $License = '########'; //APACHE - You can use any other ways to get your external IP. Make sure that its echoing external IP not internal LAN IP. //Depending on how secure or optimized you want to capture your IP address. You may want to change how IP is determined //EXAMPLE ONLY //$host= gethostname(); //$ip = gethostbyname($host); //IIS //EXAMPLE ONLY $ip = gethostbyname($_SERVER['SERVER_NAME']); //check for function if ( !isset($_REQUEST['function']) ) exit(); else $func = $_REQUEST['function']; //get the token if ($func == 'gettoken') { //customize the token request //example for Check Action $xml = file_get_contents('http://token.melissadata.net/v3/web/Service.svc/RequestToken?L=' . $License . '&P=pkgExpressEntry&IP=' . $ip); //Personator Packages //pkgBorgCheck Personator Web Service (Check Action) //pkgBorgVerify Personator Web Service (Verify Action) //pkgBorgMoveUpdate Personator Web Service (Move Update Action) //pkgBorgAppend Personator Web Service (Append Action) //pkgBorgGeoCode Personator Web Service (Geocode Action) //pkgBorgGeoPoint Personator Web Service (GeoPoint Action) //pkgExpressEntry Express Entry //Global Address Packages //pkgIntAddressCheck Global Address Web Service //unpack the xml $xml_r = new SimpleXMLElement($xml); //grab out the token $token = (string)$xml_r->Token; //send the token to the client in a json packet $data[] = array('token' => $token); //this encodes the data and sends it back to the client echo json_encode($data); flush(); } ?>
JavaScript Code (for your web page)
var token; window.onload = function() { $.ajax( { type: "POST", // Your PHP server hostname or IP in the following line url: "http://192.168.13.237/licensekey.php", //NOTE: ajax requires that the client and server side scripts be located on the same domain data: {function:"gettoken"}, dataType: 'json', success: function(data) { token = data[0].token; //alert(token); // uncomment this if you want to see the token being returned } }); }