1.3 Authorization and Authentication
Security is always a significant consideration when working with any online service. The REST API works with security in two ways: authorization and authentication. Authentication proves that the user is who they say they are. Authorization verifies that the user is authorized to make the call.
Most calls to FME Server require authorization. The REST API uses tokens to prove the user is permitted to make the call to the server. A token is a string of encrypted information that is sent between the client and the server. Token Security will not be as secure as other methods, as the security of the system depends on controlling access to the tokens.
When replacing <yourServerHost> with your hostname. You can use localhost if you are working on the machine where FME Server is installed. If you are accessing from a remote machine, you need to specify an accessible URL either by IP address or server hostname.
| NEW |
| Token management has been dramatically updated in 2019.0! Before a token was tied directly to a users account and a user could only hold a single token at once. However, in 2019.0 a single user can have many tokens and directly control what that token has access to. This is an easier system and makes the token system much more secure. |
| WARNING |
| Tokens can hold a lot of power. To guarantee the security of FME Server, ensure a token's permissions are configured so that it can be used only for its intended purpose, such as running a particular workspace. |