Authentication Token

Authentication is provided by an authorization header.

Digest Authentication is proposed to be used for the authentication (same as for SIP and VDP). The recommended time interval for re-verification is proposed to be 30 minutes.

For more information, see https://en.wikipedia.org/wiki/Digest_access_authentication, and the RFC 7616.

Example:

HTTP header
"Authorization" : " Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJp ZCI6IiIsIm5hbWUiOiIgIiwidHlwZSI6IlVzZXIiLCJlbWFpbCI6IiIsInBob3RvVXJsIjoiIiwiYXV0aFByb3ZpZGVyIjoidW5rbm93biIsImF1dGhfcHJvdmlkZXIOiJub2RlLWFwaS1zYW1wbGUiLCJpYXQiOjE2MDA5NTY4NzEsImV4cCI6MTYwMTU2MTY3MX0.tblXKOrBf8vmqG4fIXBj12V65x-gPD-Q9KS2JhVYBm8"

The MCS and PBX will try to verify this token for validity. For performance reasons, the token is cached for 30 minutes, before it is re-verified.

The call history can be accessed by authenticating against the user's login credentials, giving only access to the user's call history. With the command user_authentication, the administrator can configure a user to access all generic extension call history.

Parent topic: Authentication And Security