API integration: best authentication method


Hi,

We are creating an integration between Smallworld and FME Server. The Smallworld tool will call an FME workspace on our FME Server. The FME Server is hosted internally only and we are using built-in authentication.

There is an option in FME Server to create a short-lived session token via the API. I've set up a user that only has access to this repository that can be used to generate the token.

There is a second option in the Administrator interface to generate a fixed API token. When is this used? Is it more or less secure? The Smallworld developer notes that if you are using a user name and password to generate the short-lived token then the risk is similar:

'It seems to me that the API token with restrictions is more secure than username/password. Such a token is long and not recommended. It can be extracted from the Smallworld session and this applies for username/password.'

For integration with Portal for ArcGIS we use the short-lived token generated by a built-in user when OAuth is not appropriate.

Any info or comments would be appreciated.

Thanks,

Annette

Best answer by virtualcitymatt 1 June 2022, 13:39

Not a Smallworld user, but we create API tokens with restricted permissions. For us this is enough. You can also create new users and create specific tokens for those users. This means you can have a number of tokens linked to different users and can see which user ran a job in FME Server.

Providing a token in a way is better in my view, because if you create a short-lived token you still need to generate the token with the user credentials, which need to be stored somewhere. If someone gets them then they can use the credentials to log in to the server. The token will not let you log in and it can be disabled.


Thank you Matt for your input.
