How to Dynamically Generate User-Specific Session IDs for API Authorization in External Applications
We are developing an external application that connects to Decisions via API, using it primarily as a backend database. The application authenticates users with Decisions credentials and runs reports and flows. Currently, we can only manually create user-specific session IDs (e.g., through Named Sessions), which isn’t scalable or secure. We want to dynamically generate a session ID for each user (without storing passwords or hardcoding sessions) to authorize API calls per user. Is there a native way to generate such user-specific session IDs at login or account creation? If not, what would be the best alternative to dynamically authorize per-user API access?
Comments
Hi,
you can dynamically generate and manage user-specific session IDs in Decisions without relying on Named Sessions or storing passwords manually. The recommended and secure way to handle this is by using JWT (JSON Web Tokens) in conjunction with Decisions' built-in authentication and session context tools. Here's how to do it:
- Use LoginAndGetJWTToken method in Call internal Decisions Service Step:
  - This step logs a user in and returns a JWT token securely, without storing credentials.
  - Call this during your external app’s login process, passing the user’s credentials from the frontend.
- Use GetContextFromJWTToken method in Call internal Decisions Service Step:
  - Use this immediately after login to extract the session context from the JWT.
  - This includes the SessionId, which can be stored securely in your app’s session store.
- Pass SessionId in API Calls:
  - You can now use the session ID to make user-specific API calls, e.g.:
    http://yourserver/Primary/REST/ReportService/RunReport?ReportID=xyz&sessionid={sessionId}
- Invalidate Sessions on Logout:
  - Call the Logout API (/REST/AccountService/Logout) with the sessionid to terminate the session properly:
    { "sessionid": "{sessionId}", "outputtype": "Json" }
Documentation:
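Added example, not part of the reply above and not Decisions' own code: a server-side sketch of steps 3 and 4 that keeps the SessionId out of the browser, URL-encodes it into the RunReport call, builds the Logout body, and redacts it before anything is logged. The `SessionStore` class, the helper names, and the assumption that Logout sits under the same `http://yourserver/Primary` base are hypothetical.

```python
import json
import re
import secrets
from urllib.parse import urlencode

# Placeholder host taken from the reply; use https in a real deployment,
# since the session ID travels in the query string.
BASE = "http://yourserver/Primary"

class SessionStore:
    """Hypothetical in-memory store: the browser only ever sees an opaque
    handle, the Decisions SessionId stays on the server."""
    def __init__(self):
        self._by_handle = {}

    def put(self, decisions_session_id):
        handle = secrets.token_urlsafe(32)  # unrelated to the SessionId
        self._by_handle[handle] = decisions_session_id
        return handle

    def get(self, handle):
        return self._by_handle.get(handle)

    def drop(self, handle):
        # Remove on logout so the handle cannot be replayed.
        return self._by_handle.pop(handle, None)

def run_report_url(session_id, report_id):
    # urlencode stops a crafted value from injecting extra parameters.
    query = urlencode({"ReportID": report_id, "sessionid": session_id})
    return f"{BASE}/REST/ReportService/RunReport?{query}"

def logout_request(session_id):
    # Body shape as given in the reply; the full URL is an assumption.
    body = json.dumps({"sessionid": session_id, "outputtype": "Json"})
    return f"{BASE}/REST/AccountService/Logout", body

# Matches sessionid=VALUE in URLs and "sessionid": "VALUE" in JSON bodies.
_SID = re.compile(r'(sessionid"?\s*[=:]\s*"?)[^&"\s}]+', re.IGNORECASE)

def redact(text):
    """Scrub session IDs from a URL or body before it reaches a log."""
    return _SID.sub(r"\1[REDACTED]", text)
```

Because the session ID is a query parameter, it also lands in web server and proxy access logs on the Decisions side, so those logs need the same redaction or access control.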