Skip to main content
  • EN

Hi,

 

We are creating an integration between Smallworld and FME Server. The Smallworld tool will call an FME workspace on our FME Server. The FME Server is hosted internally only and we are using built in authentication.

 

There is an option in FME Server to create a short lived session token via the api. I've set up a user that only has access to this repository that can be used to generate the token.

 

There is a second option in the Administrator interface to generate a fixed api token. When is this used? Is it more or less secure? The Smallworld developer notes that if you are using a user name and password to generate the short lived token then the risk is similar:

'It seems to me that the API token with restrictions is more secure than username/password. Such a token is long and not recommended. It can be extracted from the Smallworld session and this applies for username/password.'

 

For integration with Portal for ArcGIS we use the short lived token generated by a built in user when Oauth is not appropriate.

 

Any info or comments would be appreciated.

 

Thanks,

Annette

Not a small world user but we create an API tokens with restricted permissions - For us this is enough. You can also create new users and create specific tokens for those users. This means you can have a number of tokens linked to different users and can see which user ran a job in FME Server.

 

Providing a token in a way is better in my view because if you create a shot lived token you still need to generate the token with the user credentials which need to be stored somewhere. If someone gets them then they can use the credentials to log in to the server. The token will not let you log in and it can be disabled.

 

 

Thank you Matt for your input.

Reply


Community Stats

30,351
Posts
115,341
Replies
38,080
Members
Terms & ConditionsCookie settings
A product of
Safe Software respectfully acknowledges that we live, learn and work on the traditional and unceded territories of the Kwantlen, Katzie, and Semiahmoo First Nations.