How to access the server API when External Authentication enabled?

We're using Token authentication so that we can tie the Spotfire user sessions to our application users maintained on a variety of different servers and using various mechanisms.   The token authentication is a must, since we do not want to be managing user passwords separately from these disparate systems.   The token is being passed as a URL parameter in the links to Spotfire documents.

The token authentication is working fine for the apps and normal user access to the visualization documents themselves, however....

Trying to access the Spotfire Server API (in particular, for the UserDirectory service), it's having fits because the token authentication is enabled and affects the API user as well as the document users.   In this case, we're trying to access the API as a C# soap client and so far have not been able to make adding a token to the URI for the web service work-- I get a 302 (Found) response, which appears to be the redirect.

Should the standard web service functions in C# be able to sustain a Spotfire session in order for this redirect to work?  Will I need to do some kind of additional processing of the 302 response in order to accomplish a redirect?  

Is there any way to access the server API that doesn't require external authentication when external authentication is enabled?   Ideally, we'd prefer to enable external authentication on the visualization users, but not on the API-- there, the standard Spotfire authentication would work fine, and in fact, if we turn off external authentication, we have no problem communicating with the API.   Tying the API to the same authentication mechanisms used by users which is subject to customization, seems to needlessly complicate access to the API (or at least, does in our case).




Keith Doyle



(3) Answers