Initiate IDP User Session

If your HMP is connected to an Identity Provider, this request authenticates the user for an IDP user account. In the request's payload you must provide the API key and secret for the account, which can be found in the admin section of the web interface. See Managing Users for details.

Use the returned authToken to authenticate subsequent API requests. The token expires after 30 minutes.

Authorizations: All

Requests

POST /apis/authentication/login/key

{
  "apiKey": "<api key>",
  "apiSecret": "<api secret>"
}

Response

Example:

{
  "data": {
    "admin": true,
    "assets": {},
    "authToken": "<auth token>",
    "displayName": "User0Groups TheUser",
    "groups": [],
    "id": "d2be5490-f70e-4132-9570-d8a45d94204f",
    "lastAction": "2025-03-21T19:20:01.099Z",
    "lastLoginDate": "2025-03-21T17:29:07.272Z",
    "provisionType": "jit",
    "numLoginFailures": null,
    "preferredUsername": "43ab703c-9a65-4c89-b005-daebc663590f",
    "roleIds": ["912cf463-409a-4df0-89ff-68016b213c77"],
    "roles": [
      {
        "id": "912cf463-409a-4df0-89ff-68016b213c77",
        "name": "Administrator",
        "admin": true,
        "permissions": {}
      }
    ],
    "sections": {},
    "sessionId": "2167935c-5633-4aad-a814-2279bc928944",
    "sessions": {},
    "sharePermissions": {},
    "sources": {},
    "username": "43ab703c-9a65-4c89-b005-daebc663590f",
    "serviceMessages": [
      "Password change required for built-in user account (operator)"
    ]
  }
}

Caution

This data is informational only and subject to change in future HMP releases.

REST API developers are encouraged to check for a 200 OK status to verify that a session is valid, but otherwise ignore this response except for the authToken field. REST API applications that use the data from this response may stop functioning and break user logins if this response is changed.

The value of the authToken field should be used to authenticate the user for all subsequent requests using the Bearer authentication method.

Error

Code	Payload	Description
400	{"code":"010001","name":"InputValidation", "message":<Error message>, "httpStatusCode":400}	An apiKey or apiSecret was missing or the wrong JSON type.
401	{"code":"020001","name":"UserNotAuthorized", "message":"User has no roles assigned", "httpStatusCode":401}	User has no role assigned.
401	{"code":"020002","name":"InvalidCredentials", "message":"Invalid credentials", "httpStatusCode":401}	The apiKey and/or the apiSecret was incorrect.
500	{"code":"070051","name":"CreateUserSession", "message":"Could not create user session", "httpStatusCode":500}	An internal error occurred.
500	{"code":"070000","name":"InternalServer", "message":<Error message>, "httpStatusCode":500}	An internal error occurred.
503	{"code":"090002","name":"ServiceUnavailable", "message":"No connection to authentication server", "httpStatusCode":503}	Authentication service is unavailable. Please try again later.