Authentication

Overview

API routes require authentication unless noted. You can use BasicAuth or you can get an AcccesToken. In all cases, the username and password are the ones used to log into the FileMaker Server Admin Console on the server.

You can use Access Tokens for any use case, but they make more sense for web applications, where you have to store the access in the browser itself.  

Basic Authentication

Use the Filemaker Server Admin Console username and password for each request. Can't be used for web sockets requests. You need to use this method when communicating between Otto servers, which you do in during a migration.  See the migration.json spec for more information.

Access Token Authentication

You get the token by Posting to an authentication route (see below). The token expires in 6 hours.

POST /authentication
contentType : application/json
no authentication required
body:

{ 
 "strategy": "local",
  "user": "<user>",
  "password": "<password>" 
}
	
Response:
{ "accessToken": "eyJhbGciOiJIUzI1NiIsIn..."}
	
Use that token with an Authorization header for any subsequent requests
Authorization: Bearer eyJhbGciOiJIUzI1NiIsIn...

You can get a new token at any time before the old one expires, by Posting to /authentication with just the token in the Authorization header like you do for all other routes. This will give you a new token.

Still need help? Contact Us Contact Us