User tokens in v 5.3

after upgrading to V5.5 several API features stopped working.
I checked that I should recreate another token in the new UI.
i recreated the token and saved it in my project which only uses the API.

now I come across this modification and I don't know how to create a token for registered users via API.
I already tried the following method.
error returned: The @FormParam is utilized when the content type of the request entity is not application/x-www-form-urlencoded - IllegalStateException (...)

// WARNING: For POST requests, body is set to null by browsers.

var xhr = new XMLHttpRequest();
xhr.withCredentials = true;

xhr.addEventListener("readystatechange", function() {
  if(this.readyState === 4) {
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://dominio.com.br/api/session/token?userId=2&expiration=2023-12-31T00:00:00.000Z");
// WARNING: Cookies will be stripped away by the browser before sending the request.
xhr.setRequestHeader("Cookie", "JSESSIONID=node06q33f06zuqyc1tpngettdsdwl562.node0");

xhr.send();
Anton Tananaev2 years ago

Check the API request that the official app is sending.

truth.
I forgot to check this through the UI inspecting the network.
I was looking in the postman collection

but now I see that I don't specify a user.
How do I, as an administrator, create a token for other users?

Anton Tananaev2 years ago

You need to login as a user first. Remember that admin can login as any user.

Willian Ferreira2 years ago

Which person can generate a token by sending the request to /api/session/token

With the parameters

expiration = "date time ISO date"

As I understand it, you don't need to be logged in to generate the token?

?

Anton Tananaev2 years ago

Obviously you have to be logged in.

Willian Ferreira2 years ago

I managed to perfectly test the API and also connect with the Websocket API.

Now I have a question, how do I delete SESSION from everywhere?

In my test, I delete the session using a Delete Method on the /api/SESSION endpoint obviously as documentation returns nothing.

However, the Websocket API continues to allow you to log in using the deleted session cookie.

How do I delete ALL SYSTEM SESSIONS?

Because to what I noticed delete /api/session is just a kind of LOGOUT

Anton Tananaev2 years ago

It shouldn't allow to connect after you delete the session.

pki8 months ago

Hi. So to properly generate a token for a user via API i need to:

  • login as admin
  • use some function to relogin as user?
  • update the token via the /api/session/token for the currently logged in user?

I can not pass the user id of the user i want to generate the token for?

Anton Tananaev8 months ago

Correct.

pki8 months ago

OK, got it working, maybe it helps some in the future.

  1. curl GET to /api/session{userid} with the admin credentials in basic auth.
  2. save the cookie
  3. use the cookie and curl POST to /api/session/token with expiration as data for the post.
Ali8 months ago

Hello. Hope you are doing well.

I am using the REST API of Traccar.
1: Create a session with /api/session (Ok)
2: Create a session token with /api/session/token (Ok)

My first question is that after I create a session by step 1, I get a JSESSIONID in response header. Isn't this token enough for authorization of my requests? Shall I still create a new token by step 2?

My second question and the problem is that when I use token to authenticate my requests I get 500 error.
I use the token as a Bearer token to authenticate my requests. Am I doing it wrong?

headers {
    Authorization: "Bearer node017gfnbvchfuf31i5i829p91yda371.node0"
}

I understand server is using Basic authentication, but don't understand how to use the token to authenticate my requests.

pki8 months ago

Hi. Wrong, the token You need to use in the url, see the first post in this thread.

Anton Tananaev8 months ago

Ali, you're confusing session id with the authorization tokens. Those are entirely different things.