API Authentication
Overview
The VersionOne API supports different authentication types for the requests that it receives. Authentication associates the API request with a specific Member in the system and secures data according to the Roles and Project Memberships assigned to that Member. Most VersionOne APIs require authentication and respond with a 401 Unauthorized for a request that cannot be authenticated. If no such asset exists, or if you do not have sufficient rights to view it, then the response will be 404 Not Found.
Some endpoints are tied to the authentication mechanism of the VersionOne application. Although there are multiple options, the selected option will apply everywhere. The following authentication mechanisms are supported by VersionOne:
- Access Tokens (Recommended)
- Basic
- Windows Integrated Authentication
As of the Winter 2015 release, VersionOne supports its own type of Access Token Authentication. VersionOne Access Tokens are far easier to create and use than the other authentication mechanisms, and is the recommend approach as it can be used no matter if your VersionOne instance is configured for Basic, Windows Integrated Authentication, or a third-party SSO authentication method like SAML.
| API Endpoint | Authentication |
|---|---|
| attachment.img | All |
| loc.v1 | None |
| meta.v1 | None |
| query.v1 | All (NTLM Excluded) |
| rest-1.v1/Data | All |
| rest-1.v1/Hist | All |
| rest-1.v1/New | All |