Deprecated: Authenticating using the X-VP-AUTH-API key and X-VP-AUTH token

Attention: We have made major changes in our authentication infrastructure to support the OAuth 2.0 protocol and we strongly recommend clients with existing integrations to upgrade as soon as possible. If you have an existing integration and want to upgrade, please contact your Account Manager for further assistance. For more information, see Pulse REST API authentication.

The old way of authenticating, using the X-VP-AUTH-API key or X-VP-AUTH token, is still supported for existing integrations but it is not used for new ones. If you are already following best practices in your REST API integration, then you are not affected by the authentication upgrade at all. However, the upgrade affects integrations using the X-VP-AUTH token.

Effects of the authentication upgrade on integrations using the X-VP-AUTH token

  • The X-VP-AUTH token generated today is longer than the previously generated 128 characters token.
  • Previously generated X-VP-AUTH token was valid for 1 hour and the client got a new X-VP-AUTH token on every backend request. Now, integrations using X-VP-AUTH token for more than an hour need to re-authenticate their session when given 401 (Unauthorized) response back, because we no longer generate a new X-VP-AUTH token on each new request.
  • Integrations that are looking for parameters other than X-VP-AUTH header or Cookie in the authentication response no longer work. Clients should solely rely on X-VP-AUTH header or Cookie parameter for authenticated session.

If you are one of the clients who are affected by this upgrade, please make sure you have the following behavior when getting the authorization token:

  • Your integration must read X-VP-AUTH from Response Header or Cookie.
  • Make sure your integration handles re-authentication when given 401 response for an operation.
Note: If you need more information on the old authentication mode, using the X-VP-AUTH-API key or X-VP-AUTH token, please contact Technical Support or your Account Manager.