Express Entry:Token Server
Using the Token Server
Express Entry supports the use of authentication tokens to access the service. The token server is most often used when your license string must be concealed, such as in a web page using Express Entry that is facing the public.
Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page.
In order to implement the PHP and JavaScript sample:
- The server must have PHP enabled.
- The sample PHP must be loaded on the server and your License Key must be entered where marked in the code.
- The JavaScript sample must be pasted into your webpage and edited with your IP information.
- Both the PHP sample and the calling Javascript must be on the same domain.
Note that the page where the JavaScript resides must be in the same domain as the file containing the PHP token-handling code. This is due to ‘same origin policy’ of AJAX. If Express Entry does not respond with addresses after inserting/adding the Javascript and PHP code, make sure that the JavaScript is called from the same domain as the server hosting the PHP, and that the token variable is being used instead of your ident or License Key.
The code is commented where the necessary changes (such as adding the License Key) are to be made.
REST
You may also make a REST request to the token server. The service URL is:
https://token.melissadata.net/v3/web/Service.svc/RequestToken?
The available REST request parameters are:
L=[LICENSE KEY] &P=[PACKAGE] &IP=[IP ADDRESS]
A sample REST request would be:
https://token.melissadata.net/v3/web/Service.svc/RequestToken?L=[LICENSE Key]&p=pkgExpressEntry&IP=[IP ADDRESS]
This returns a token starting with ‘T:’. The IP Addres is optional added security. If you send your IP Address, we can detect unauthorized use of your tokens and take preventative measures.
A sample REST response would be:
<RequestTokenResponse> <result/> <token> T:pr6HTPwPUBeJ3XWpIC6UyC**Bc4ElmAuNlvsd7pri75pJL** </token> </RequestTokenResponse>
Token Server Support Sample Project
Token Server Support Sample Code
PHP Code
<?php // change this to your License Key $License = '########'; //APACHE - You can use any other ways to get your external IP. Make sure that its echoing external IP not internal LAN IP. //Depending on how secure or optimized you want to capture your IP address. You may want to change how IP is determined //EXAMPLE ONLY //$host= gethostname(); //$ip = gethostbyname($host); //IIS //EXAMPLE ONLY $ip = gethostbyname($_SERVER['SERVER_NAME']); //check for function if ( !isset($_REQUEST['function']) ) exit(); else $func = $_REQUEST['function']; //get the token if ($func == 'gettoken') { //customize the token request //example for Check Action $xml = file_get_contents('http://token.melissadata.net/v3/web/Service.svc/RequestToken?L=' . $License . '&P=pkgExpressEntry&IP=' . $ip); //Personator Packages //pkgBorgCheck Personator Web Service (Check Action) //pkgBorgVerify Personator Web Service (Verify Action) //pkgBorgMoveUpdate Personator Web Service (Move Update Action) //pkgBorgAppend Personator Web Service (Append Action) //pkgBorgGeoCode Personator Web Service (Geocode Action) //pkgBorgGeoPoint Personator Web Service (GeoPoint Action) //pkgExpressEntry Express Entry //unpack the xml $xml_r = new SimpleXMLElement($xml); //grab out the token $token = (string)$xml_r->Token; //send the token to the client in a json packet $data[] = array('token' => $token); //this encodes the data and sends it back to the client echo json_encode($data); flush(); } ?>
JavaScript Code (for your web page)
var token; window.onload = function() { $.ajax( { type: "POST", // Your PHP server hostname or IP in the following line url: "http://192.168.13.237/licensekey.php", //NOTE: ajax requires that the client and server side scripts be located on the same domain data: {function:"gettoken"}, dataType: 'json', success: function(data) { token = data[0].token; //alert(token); // uncomment this if you want to see the token being returned } }); }