Can anyone outline the process that is described in the Administration Guide > API Tokens
The API Token is a pseudo-user account that is useful for anyone developing an application using the
Usually, an API-based app would need to log in to the Portfolio API and get a session ID, which would need
to be renewed when itssession with Portfolio times out.
Instead, you can create an API Token which the developer can use to connect to the API, bypassing the
need for additional session management.
The API Token can be granted membership to any and all catalogs, and can be assigned different access
levelsfor different catalogs.
The permissionsthat a session using an API Token has depend on the catalogsit is a member of, and its
accesslevel in each catalog.
Connections using an API Token do not count against the number of user connections available to your
For more information about the Portfolio API, see The Portfolio API on page 65[/quote]
I am trying to implement some basic functionality calling the REST API. I am trying to avoid the whole encryption / encoding / session thing, and it would be nice to use the method above. Can anyone provide guidance on
- How the api token is generated (does server admin do this like they are setting up a user?)
- Is the token just passed in as a query param on the GETs and as payload in the PUTS/POSTS?
Any help would be appreciated. WE are running Portfolio Web 2.0.0 (20151028-63670ff)