Express Entry:Token Server

From Melissa Data Wiki
Jump to navigation Jump to search

← Global Express Entry

Express Entry Navigation
Global Getting Started
  ↳  Filtering Responses
XML Response
JSON Response
Global XML Response
Global JSON Response
Token Server
Result Codes
Result Code Use
Express Entry Result Codes
Sample Code

Using the Token Server

Express Entry supports the use of authentication tokens to access the service. The token server is most often used when your license string must be concealed, such as in a web page using Express Entry that is facing the public.

Tokens are more secure when compared to the other methods of passing sensitive information in plain text over a network, where it could be observed by a third party. PHP code and a JavaScript script which calls the PHP are provided to demonstrate how to implement tokens in a web page.

In order to implement the PHP and JavaScript sample:

  • The server must have PHP enabled.
  • The sample PHP must be loaded on the server and your License Key must be entered where marked in the code.
  • The JavaScript sample must be pasted into your webpage and edited with your IP information.
  • Both the PHP sample and the calling Javascript must be on the same domain.

Note that the page where the JavaScript resides must be in the same domain as the file containing the PHP token-handling code. This is due to ‘same origin policy’ of AJAX. If Express Entry does not respond with addresses after inserting/adding the Javascript and PHP code, make sure that the JavaScript is called from the same domain as the server hosting the PHP, and that the token variable is being used instead of your ident or License Key.

The code is commented where the necessary changes (such as adding the License Key) are to be made.


You may also make a REST request to the token server. The service URL is:

The available REST request parameters are:


A sample REST request would be:[LICENSE Key]&p=pkgExpressEntry&IP=[IP ADDRESS]

This returns a token starting with ‘T:’. The IP Addres is optional added security. If you send your IP Address, we can detect unauthorized use of your tokens and take preventative measures.

A sample REST response would be:

    <token> T:pr6HTPwPUBeJ3XWpIC6UyC**Bc4ElmAuNlvsd7pri75pJL** </token>

Token Server Support Sample Project

Token Server Support Sample Code

PHP Code

  // change this to your License Key
  $License = '########';

  //APACHE - You can use any other ways to get your external IP. Make sure that its echoing external IP not internal LAN IP.
  //Depending on how secure or optimized you want to capture your IP address. You may want to change how IP is determined
  //$host= gethostname();
  //$ip = gethostbyname($host);

  $ip = gethostbyname($_SERVER['SERVER_NAME']);
  //check for function
  if ( !isset($_REQUEST['function']) )
    $func = $_REQUEST['function'];
    //get the token
      if ($func == 'gettoken')
        //customize the token request
        //example for Check Action
        $xml = file_get_contents('' . $License . '&P=pkgExpressEntry&IP=' . $ip);
        //Personator Packages
        //pkgBorgCheck Personator Web Service (Check Action)
        //pkgBorgVerify Personator Web Service (Verify Action)
        //pkgBorgMoveUpdate Personator Web Service (Move Update Action)
        //pkgBorgAppend Personator Web Service (Append Action)
        //pkgBorgGeoCode Personator Web Service (Geocode Action)
        //pkgBorgGeoPoint Personator Web Service (GeoPoint Action)
        //pkgExpressEntry  Express Entry
        //unpack the xml
        $xml_r = new SimpleXMLElement($xml);
        //grab out the token
        $token = (string)$xml_r->Token;  

        //send the token to the client in a json packet
        $data[] = array('token' => $token);
        //this encodes the data and sends it back to the client
        echo json_encode($data);

JavaScript Code (for your web page)

var token;
window.onload = function()
    type: "POST",
    // Your PHP server hostname or IP in the following line
    url: "", //NOTE:  ajax requires that the client and server side scripts be located on the same domain
    data: {function:"gettoken"},
    dataType: 'json',
    success: function(data) 
      token = data[0].token;
      //alert(token); // uncomment this if you want to see the token being returned