REST API Security and Authentication

Storyteller's REST API is served over HTTPS if Storyteller is configured to run with SSL. HTTPS ensures secure communication of API requests and responses.

Storyteller exclusively supports Basic Authentication for the submission of credentials. Thereafter, a proprietary token is used. To obtain a token, you must provide an Authorization header with the Basic scheme. Refer to the Quick Start Example for more information.

Token Expiry

You can obtain the token expiry by viewing the header of the Authenticate response. The token expiry is stored in the blueprinttokenexpirydate parameter of the Authenticate response header.

Here is an example of the blueprinttokenexpirydate parameter in the Authenticate response header:

{
    'content-length': '238',
    'x-xss-protection': '1; mode=block',
    'blueprinttokenexpirydate': 'Thu, 28 Nov 2013 17:20:34 GMT',
    'x-content-type-options': 'nosniff',
    'expires': '-1',
    'server': 'Blueprint',
    'pragma': 'no-cache',
    'cache-control': 'no-cache',
    'date': 'Thu, 28 Nov 2013 16:50:34 GMT',
    'x-frame-options': 'deny',
    'content-type': 'application/json; charset=utf-8',
    'authorization': 'BlueprintToken M6Uf+rS0WsqD89d2Rf+nw18...[Truncated]...GtqNUWYFuNC81mF0o='
}
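
The following is an added example, not part of the Storyteller documentation, showing one way a client could use blueprinttokenexpirydate to decide when to authenticate again. It measures the token lifetime against the response's own date header so that client clock skew does not matter; the function names, the two-minute safety margin and the placeholder token are assumptions.

```python
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample: header names and dates are taken from the response shown
# above; the token value is a placeholder, not a real token.
SAMPLE_HEADERS = {
    'blueprinttokenexpirydate': 'Thu, 28 Nov 2013 17:20:34 GMT',
    'date': 'Thu, 28 Nov 2013 16:50:34 GMT',
    'authorization': 'BlueprintToken <placeholder>',
}


def _http_date(value):
    """Parse an HTTP date string into an aware UTC datetime."""
    parsed = parsedate_to_datetime(value)
    if parsed.tzinfo is None:  # "-0000" style zone: treat as UTC
        parsed = parsed.replace(tzinfo=timezone.utc)
    return parsed.astimezone(timezone.utc)


def token_lifetime(headers):
    """Token lifetime as measured on the server's clock, or None if the
    required headers are missing or malformed."""
    lowered = {k.lower(): v for k, v in headers.items()}
    try:
        return (_http_date(lowered['blueprinttokenexpirydate'])
                - _http_date(lowered['date']))
    except (KeyError, TypeError, ValueError):
        return None


def needs_reauth(headers, received_at, now, margin=timedelta(minutes=2)):
    """True when the token should be replaced by authenticating again.

    received_at and now are aware datetimes taken from the client's clock.
    An unusable expiry header counts as expired (fail closed).
    """
    lifetime = token_lifetime(headers)
    if lifetime is None:
        return True
    return now >= received_at + lifetime - margin
```

Record received_at when the Authenticate response arrives and call needs_reauth before each request that sends the token.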