How to Dynamically Generate User-Specific Session IDs for API Authorization in External Applications

We are developing an external application that connects to Decisions via API, using it primarily as a backend database. The application authenticates users with Decisions credentials and runs reports and flows. Currently, we can only manually create user-specific session IDs (e.g., through Named Sessions), which isn’t scalable or secure. We want to dynamically generate a session ID for each user (without storing passwords or hardcoding sessions) to authorize API calls per user. Is there a native way to generate such user-specific session IDs at login or account creation? If not, what would be the best alternative to dynamically authorize per-user API access?

Comments

  • Hi,

    you can dynamically generate and manage user-specific session IDs in Decisions without relying on Named Sessions or storing passwords manually. The recommended and secure way to handle this is by using JWT (JSON Web Tokens) in conjunction with Decisions' built-in authentication and session context tools. Here's how to do it:

    1. Use LoginAndGetJWTToken method in Call internal Decisions Service Step:
      • This step logs a user in and returns a JWT token securely, without storing credentials.
      • Call this during your external app’s login process, passing the user’s credentials from the frontend.
    2. Use GetContextFromJWTToken method in Call internal Decisions Service Step:
      • Use this immediately after login to extract the session context from the JWT.
      • This includes the SessionId, which can be stored securely in your app’s session store.
    3. Pass SessionId in API Calls:
      • You can now use the session ID to make user-specific API calls, e.g.:
    http://yourserver/Primary/REST/ReportService/RunReport?ReportID=xyz&sessionid={sessionId}
    
    4. Invalidate Sessions on Logout:
      • Call the Logout API (/REST/AccountService/Logout) with the sessionid to terminate the session properly:
    {
      "sessionid": "{sessionId}",
      "outputtype": "Json"
    }
    

    Documentation:


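One way to handle steps 2 to 4 of the reply above on the external application's side, as an added example that is not part of the reply and is not Decisions' own code: the Decisions SessionId stays in a server-side store keyed by an opaque token, the RunReport URL is built with encoded parameters, and the `sessionid` value is masked before a URL is logged. `SessionStore`, the function names and the 900-second timeout are hypothetical; the login step itself is not reproduced because the page gives no call signature for it.

```python
import secrets
import time
from urllib.parse import urlencode, urlsplit, urlunsplit, parse_qsl

BASE = "http://yourserver/Primary/REST"        # placeholder host, as written in the reply
LOGOUT_PATH = "/REST/AccountService/Logout"    # path as written in the reply
TTL_SECONDS = 900                              # assumed idle timeout for the app's sessions

class SessionStore:
    """Server-side map: opaque app token -> Decisions SessionId (never sent to the browser)."""
    def __init__(self, clock=time.monotonic):
        self._items, self._clock = {}, clock

    def put(self, decisions_session_id):
        token = secrets.token_urlsafe(32)      # the value the browser cookie carries
        self._items[token] = (decisions_session_id, self._clock() + TTL_SECONDS)
        return token

    def get(self, token):
        entry = self._items.get(token)
        if entry is None or entry[1] < self._clock():
            self._items.pop(token, None)       # unknown or expired: fail closed
            return None
        self._items[token] = (entry[0], self._clock() + TTL_SECONDS)  # sliding expiry
        return entry[0]

    def pop(self, token):
        entry = self._items.pop(token, None)
        return entry[0] if entry else None

def run_report_url(session_id, report_id):
    # Encoding keeps a crafted ReportID from adding a second sessionid parameter.
    query = urlencode({"ReportID": report_id, "sessionid": session_id})
    return f"{BASE}/ReportService/RunReport?{query}"

def logout_request(store, token):
    """Drop the local entry; return (path, json_body) for the Logout call, or None."""
    session_id = store.pop(token)
    if session_id is None:
        return None
    return LOGOUT_PATH, {"sessionid": session_id, "outputtype": "Json"}

def redact(url):
    """Mask sessionid before a URL is written to application or proxy logs."""
    parts = urlsplit(url)
    pairs = [(k, "REDACTED" if k.lower() == "sessionid" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return urlunsplit(parts._replace(query=urlencode(pairs)))
```

Because the reply's URL format carries the session ID in the query string, serving the API over TLS and applying `redact` wherever request URLs are logged keeps the ID out of places other users or operators can read.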