Deprecated: Authenticating Using the X-VP-AUTH-API Key and X-VP-AUTH Token
The old way of authenticating, using the X-VP-AUTH-API key or X-VP-AUTH token, is still supported for existing integrations but it is not used for new ones. If you are already following best practices in your REST API integration, then you are not affected by the authentication upgrade at all. However, the upgrade affects integrations using the X-VP-AUTH token.
Effects of the Authentication Upgrade on Integrations Using the X-VP-AUTH Token
- The X-VP-AUTH token generated today is longer than the previously generated 128 characters token.
- Previously generated X-VP-AUTH token was valid for 1 hour and the client got a new X-VP-AUTH token on every backend request. Now, integrations using X-VP-AUTH token for more than an hour need to re-authenticate their session when given 401 (Unauthorized) response back, because we no longer generate a new X-VP-AUTH token on each new request.
- Integrations that are looking for parameters other than X-VP-AUTH header or Cookie in the authentication response no longer work. Clients should solely rely on X-VP-AUTH header or Cookie parameter for authenticated session.
If you are one of the clients who are affected by this upgrade, please make sure you have the following behaviour when getting the authorization token:
- Your integration must read X-VP-AUTH from Response Header or Cookie.
- Make sure your integration handles re-authentication when given 401 response for an operation.