Introduction to Working with Authentication Tokens and FOLIO APIs
As of the Poppy release, FOLIO uses a refresh token method to maintain a secure connection. You will need it when working with FOLIO APIs.
High-level overview of the process:
FOLIO user sends a FOLIO username and password in a simple JSON document to a particular API endpoint (/authn/login-with-expiry).
The FOLIO account used for this process needs the discrete capabilities (view, add, edit, delete) to interact with the FOLIO app associated with the endpoints it will call.
The FOLIO endpoint sends back a string of characters known as a token.
FOLIO user sends the FOLIO tenant ID and that token to API endpoints to make the requests and interact with the FOLIO data.
A new token needs to be generated at least every 10 minutes.
Generating an authentication token
POST the following document to https://okapi-yourinstititution.folio.ebsco.com/authn/login-with-expiry
{
"username": "your_username",
"password": "your_password"
}
Include an additional header:
x-okapi-tenant: your_tenant_id
This process sets a token in a session cookie that you can use to authenticate calls to the APIs by setting these headers:
x-okapi-tenant: your_tenant_id
x-okapi-token: whatever_token_was_sent
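The whole sequence above (log in, pull the token out of the cookie, send it with the tenant ID, renew it before the 10 minutes run out) as an added Python example; it is not code from the FOLIO project. Assumptions: the cookie is named folioAccessToken, renewal is done by logging in again one minute early, and the class and function names are hypothetical.

```python
import json
import time
import urllib.request
from http.cookies import SimpleCookie

TOKEN_LIFETIME = 600  # seconds; the page says a new token is needed at least every 10 minutes
REFRESH_MARGIN = 60   # assumption: renew one minute before that limit

def http_post(url, headers, body):
    """Default transport: POST and return the list of Set-Cookie header values."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.headers.get_all("Set-Cookie") or []

class FolioSession:
    """Caches the token and logs in again shortly before it goes stale."""

    def __init__(self, base_url, tenant, username, password,
                 post=http_post, clock=time.monotonic):
        self.base_url, self.tenant = base_url.rstrip("/"), tenant
        self._creds = {"username": username, "password": password}
        self._post, self._clock = post, clock
        self._token, self._issued = None, 0.0

    def _login(self):
        cookies = self._post(
            self.base_url + "/authn/login-with-expiry",
            {"Content-Type": "application/json", "x-okapi-tenant": self.tenant},
            json.dumps(self._creds).encode())
        for raw in cookies:
            jar = SimpleCookie()
            jar.load(raw)
            if "folioAccessToken" in jar:  # assumed cookie name
                self._token = jar["folioAccessToken"].value
                self._issued = self._clock()
                return
        raise RuntimeError("login response carried no access token cookie")

    def headers(self):
        """Headers for the next API call; renews the token when it is near expiry."""
        age = self._clock() - self._issued
        if self._token is None or age >= TOKEN_LIFETIME - REFRESH_MARGIN:
            self._login()
        return {"x-okapi-tenant": self.tenant, "x-okapi-token": self._token}
```

Call `headers()` before every request rather than storing its result, so a long-running script never sends a stale token. Pass the password in from an environment variable or secret store instead of writing it into the script.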
For a more detailed example see FOLIO Client Power Shell.