Discussions

From my experience the only way to retrieve an OAuth token from REST, from an external client is to use authentication details of a user that is in the RemoteService role when posting.

Offset=2 should just start at record 2. Instead it starts at the first record and the offset doesn't matter. Example to reproduce get in postman
api/party?offset=2 and then
/api/party?offset=3 not the returns are the same parties.

I am trying to find the simplest way to use an externally hosted API that will process requests that a user has insufficient rights to do using the passthrough API. I have a process working that uses the SSO to get a bearer token that the external API can then use to query the scheduler endpoint to verify a user is authenticated. I'm looking for a simpler way to allow the external API to verify that a user is authenticated and who they are. It seems like I should be able to use the passthrough API to get a bearer token that could be passed to the external API without all the overhead of using the SSO functionality, but I can't get the syntax of the call correct. Here is a call that works and return a bearer token from the API but it uses the "password" as a grant_type which I won't have. I want to make the same call, but use the requestverificationtoken for authentication. Is this possible, and can you post a raw request as an example so I can get the syntax of the call correct. Here is a call that return a bearer token from the passthrough API but it requires username and password instead of the requestverificationtoken. You can see that it has the required cookie and request verification token in the header already. It just needs the correct grant type and any other required fields in the body.

I have a need to encrypt data for specific field - not credit card data. It's intended to run on the RiSE site (not cloud) via the web (not desktop, reporting, etc.). Is there a REST equivalent to Asi.Security.Utility.Encryptor or similar? Basic code runs in the scheduler site but not in the general site (can't find KEK file errors). If REST is available I'd like to use it. Thanks.

I have a client running iMIS version 20.2.1.235.
I need to make REST API calls for public (unauthenticated) users but I do not see the __RequestVerificationToken element in the DOM, which is required to make API calls.
Is there a way to set iMIS to render this element? Is there an alternative way to make the call in case this element is unavailable in this version?

Has anyone seen this error when registering an Event? It occurs only in the Public view website (registrations occur properly from Staff View).

I am looking for the endpoint to authenticate members. I have used this endpoint

I am trying to write SOA .NET code to make a payment against a single voluntary subscription with adjustable amount. All the examples I have found make a payment against an invoice OR add a single line item.

I have an SSO application setup that works, but the "Refresh token lifetime" value doesn't seem to be honoured across the problem. I have the Refresh token lifetime (minutes) variable set to 1440 minutes, but the refresh value I get back following a call to /api/token is "expires_in":1199. It's always 1199 regardless of the value I set it to in the iMIS configuration. Do I need to keep resetting it? Thanks.