API Authentication Methods
This topic introduces API authentication methods for API requests and API events.
Authentication methods
API requests and events use token for authentication.
- API requests
The application server should get an API token from PBX using API username and password (a 32-digit lowercase string, encrypted in MD5). Valid token must be appended every time the application server calls an API interface.
Note: Refresh API token to ensure token validity.
- HTTP events
The application server should get an API token from PBX using API username and password (a 32-digit lowercase string, encrypted in MD5) and ensure token validity, so that PBX can send events to the application server.
Note: Refresh API token to ensure token validity.
Token expiration
A token expires after 30 minutes.
If the application server needs access to the PBX API after 30 minutes, you need to Refresh API token. A refreshed token allows the application server to obtain a new token.