Authenticate User with Windows Authentication SSO

{ authenticateUserWindows }

Generates a Pyramid access authentication token using Windows authentication tokens.



  • API Section: /API2/auth
  • API Version: 2.0
  • From Release: 2018.5
  • Can be used by Non-admin accounts
  • Method operates via POST actions only.
  • Output Response

    Successful Result Code


    Description of Response Type

    The response is the security token as a base64 string. It is usually stored in a cookie.


    The security token is a string that needs to be embedded in every API call to ensure the API calls are authorized. If saved as a cookie in a web browser, it can be used (for the authenticated user) to auto-login into the application. Importantly, the web browser must support Windows Authentication and the authentication METHOD must be set to 'Windows Authentication' in Pyramid.

    User Client/API Authentication (C#):

    This example demonstrates how to authenticate users with Windows Authentication and run a query programmatically.

    using System;
    using System.Linq;
    using System.Web;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Linq;
    using System.Net.Http;
    using System.Text;
    using System.Threading.Tasks;

    namespace CsWebSite
    {
    	public partial class WinAuth : System.Web.UI.Page
    	{
    		public const String API_PATH = "";

    		protected void Page_Load(object sender, EventArgs e)
    		{
    			//logging in the current user with Windows authentication
    			String userToken = getToken("authenticateUserWindows", null);
    			Response.Cookies.Add(new HttpCookie("PyramidAuth", userToken));

    			//running a query. The user needs to be an admin user to access this API.
    			JToken result = callApi("query/extractQueryResult", new
    			{
    				data = new
    				{
    					itemId = "9185ea22-bf14-4606-a955-4bbd73a88c38", //content item's ID
    					exportType = 0, //export result as json, we can do xml(1) and CSV(2) as well
    				},
    				auth = userToken
    			});

    			//the result is passed as a json string, so it needs to be deserialized again to read the values
    			JToken document = JsonConvert.DeserializeObject<JObject>(result.ToString());
    			String firstResult = document["Document"]["queries"][0]["result"]["data"][0][0].ToString();
    		}

    		//this method differs from the generic one: UseDefaultCredentials = true passes the Windows credentials
    		private String getToken(String service, Object data)
    		{
    			HttpClient client = new HttpClient(new HttpClientHandler()
    			{
    				UseDefaultCredentials = true
    			});
    			StringContent content = null;
    			content = new StringContent(JsonConvert.SerializeObject(data), Encoding.UTF8, "application/json");
    			Task<HttpResponseMessage> response = client.PostAsync(API_PATH + "auth/" + service, content);
    			return response.Result.Content.ReadAsStringAsync().Result;
    		}

    		//generic method for calling REST methods
    		private JToken callApi(String service, Object data)
    		{
    			HttpClient client = new HttpClient();
    			StringContent content = null;
    			content = new StringContent(JsonConvert.SerializeObject(data), Encoding.UTF8, "application/json");
    			Task<HttpResponseMessage> response = client.PostAsync(API_PATH + service, content);
    			String resultStr = response.Result.Content.ReadAsStringAsync().Result;
    			if (resultStr.Count() == 0)
    			{
    				return null;
    			}
    			return JsonConvert.DeserializeObject<JObject>(resultStr)["data"];
    		}
    	}
    }
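
A hardened variant of the token step, added here as an example and not Pyramid's own code: it refuses a non-HTTPS API path, rejects a non-success response or a non-base64 body instead of storing it as a token, and marks the cookie HttpOnly and Secure. The class name PyramidTokenHelper, the host pyramid.example.com, and the premise that no client-side script needs to read the cookie are assumptions.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Web;

// Added example: hypothetical helper, not part of the Pyramid API or its samples.
public static class PyramidTokenHelper
{
    // Assumption: placeholder base address; replace with your server's /API2/ URL.
    public const string API_PATH = "https://pyramid.example.com/API2/";

    public static string GetWindowsToken()
    {
        // The token authorizes every API call, so never request it over plain HTTP.
        if (!API_PATH.StartsWith("https://", StringComparison.OrdinalIgnoreCase))
            throw new InvalidOperationException("API_PATH must use HTTPS.");

        // UseDefaultCredentials sends the current Windows security context.
        using (var handler = new HttpClientHandler { UseDefaultCredentials = true })
        using (var client = new HttpClient(handler))
        {
            // Same body the page's getToken sends for a null data object: JSON null.
            var content = new StringContent("null", Encoding.UTF8, "application/json");
            HttpResponseMessage response =
                client.PostAsync(API_PATH + "auth/authenticateUserWindows", content).Result;

            // A 401/500 error body must not end up in the cookie as a "token".
            response.EnsureSuccessStatusCode();

            string token = response.Content.ReadAsStringAsync().Result.Trim();
            if (token.Length == 0)
                throw new InvalidOperationException("Empty token returned.");
            // The page states the token is a base64 string; FormatException if it is not.
            Convert.FromBase64String(token);
            return token;
        }
    }

    public static HttpCookie BuildAuthCookie(string token)
    {
        return new HttpCookie("PyramidAuth", token)
        {
            HttpOnly = true, // assumption: no client-side script needs to read it
            Secure = true    // cookie is only sent over HTTPS
        };
    }
}
```

In `Page_Load`, this replaces the two token lines with `Response.Cookies.Add(PyramidTokenHelper.BuildAuthCookie(PyramidTokenHelper.GetWindowsToken()));`.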