API Authentication Methods

This topic introduces API authentication methods for API requests and API events.

Authentication methods

API requests use a token for authentication; API events use different authentication methods depending on the event protocol.
  • API requests

    The application server should get an API token from the PBX using the API username and password (a 32-digit lowercase string, hashed with MD5). A valid token must be appended every time the application server calls an API interface.

    Note: or extend API token validity to ensure token validity.
  • HTTP events

    The application server should get an API token from the PBX using the API username and password (a 32-digit lowercase string, hashed with MD5) and keep the token valid, so that the PBX can send events to the application server.

    Note: or extend API token validity to ensure token validity.
  • TCP events

    After a TCP connection between the application server and the PBX is established, the application server should send TCP login data to the PBX using the API username and password (cleartext). After authentication succeeds, the PBX will send events to the application server.

    Note: When the PBX or the application server reboots or encounters a network error, the application server should establish a new TCP connection and send the TCP login data again.

Token expiration

A token expires after 30 minutes.

If there is no interaction between the PBX and the application server within 30 minutes (e.g. the application server sends API requests to the PBX), the PBX will clear the token.

The application server can use a heartbeat to keep the API token alive. Every time a heartbeat is sent, token validity is extended to 30 minutes.
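
The token lifetime rules above can be tracked on the application server as follows. This is an added example, not code from the PBX documentation: the `login` and `heartbeat` callables are hypothetical stand-ins for the real PBX calls (which this page does not define), and the 5-minute refresh margin is an assumption.

```python
import hashlib
import time

TOKEN_TTL = 30 * 60      # from the page: a token expires after 30 minutes
REFRESH_MARGIN = 5 * 60  # assumption: send a heartbeat when under 5 minutes remain


def api_password_digest(password: str) -> str:
    """Return the MD5 of the API password as a 32-digit lowercase hex string."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


class TokenKeeper:
    """Tracks the 30-minute idle window of one API token.

    login(username, digest) -> token and heartbeat(token) are hypothetical
    callables supplied by the caller; they wrap the actual PBX requests.
    """

    def __init__(self, username, password, login, heartbeat, clock=time.monotonic):
        self._user = username
        self._digest = api_password_digest(password)  # never keep the cleartext
        self._login, self._heartbeat, self._clock = login, heartbeat, clock
        self._token = None
        self._expires_at = 0.0

    def remaining(self) -> float:
        """Seconds left before the PBX would clear the token (0 if none)."""
        if self._token is None:
            return 0.0
        return max(0.0, self._expires_at - self._clock())

    def touch(self) -> None:
        """Call after a successful API request: interaction restarts the window."""
        if self.remaining() > 0:
            self._expires_at = self._clock() + TOKEN_TTL

    def token(self) -> str:
        """Return a usable token: log in if expired, heartbeat if close to expiry."""
        left = self.remaining()
        if left == 0:
            self._token = self._login(self._user, self._digest)
            self._expires_at = self._clock() + TOKEN_TTL
        elif left < REFRESH_MARGIN:
            self._heartbeat(self._token)
            self._expires_at = self._clock() + TOKEN_TTL
        return self._token
```

Injecting the clock lets the expiry logic be tested without waiting 30 minutes; in production the default monotonic clock avoids errors from wall-clock adjustments.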