Authenticate User with Windows Authentication SSO

{ authenticateUserWindows }

Generates an access authentication token using Windows authentication tokens.



  • API Section: /API2/auth
  • API Version: 2.0
  • From Release: 2018.5
  • Can be used by Non-admin accounts
  • Method operates via POST actions only.
  • Output Response

    Successful Result Code


    Description of Response Type

    The response is the security token as a base64 string. It is usually stored in a cookie.


    The security token is a string that needs to be embedded in every API call to ensure the API calls are authorized. For use in API calls, the token needs to be for an administrative user. If saved as a cookie in a web browser, it can be used (for the authenticated user) to auto-login into the application. Importantly, the web browser authentication METHOD must be set to Windows Authentication.

    User Client/API Authentication (C#):

    This example demonstrates how to authenticate users with Windows Authentication and run a query programmatically.

    using System;
    using System.Linq;
    using System.Web;
    using Newtonsoft.Json;
    using Newtonsoft.Json.Linq;
    using System.Net.Http;
    using System.Text;
    using System.Threading.Tasks;

    namespace CsWebSite
    {
        public partial class WinAuth : System.Web.UI.Page
        {
            // Set to the server's API root (the path ending in /API2/)
            public const String API_PATH = "";

            protected void Page_Load(object sender, EventArgs e)
            {
                // Log in the current user with Windows Authentication
                String userToken = getToken("authenticateUserWindows", null);
                Response.Cookies.Add(new HttpCookie("PyramidAuth", userToken));

                // Run a query. The user needs to be an admin user to access this API.
                JToken result = callApi("query/extractQueryResult", new
                {
                    data = new
                    {
                        itemId = "9185ea22-bf14-4606-a955-4bbd73a88c38", // content item's ID
                        exportType = 0 // export result as JSON; XML (1) and CSV (2) are also available
                    },
                    auth = userToken
                });

                // The result is passed as a JSON string and must be deserialized again to read the values
                JToken document = JsonConvert.DeserializeObject<JObject>(result.ToString());
                String firstResult = document["Document"]["queries"][0]["result"]["data"][0][0].ToString();
            }

            // Unlike the generic callApi below, this client sets UseDefaultCredentials = true
            // so that the Windows credentials are passed with the request
            private String getToken(String service, Object data)
            {
                HttpClient client = new HttpClient(new HttpClientHandler()
                {
                    UseDefaultCredentials = true
                });
                StringContent content = null;
                content = new StringContent(JsonConvert.SerializeObject(data), Encoding.UTF8, "application/json");
                Task<HttpResponseMessage> response = client.PostAsync(API_PATH + "auth/" + service, content);
                return response.Result.Content.ReadAsStringAsync().Result;
            }

            // Generic method for calling REST methods
            private JToken callApi(String service, Object data)
            {
                HttpClient client = new HttpClient();
                StringContent content = null;
                content = new StringContent(JsonConvert.SerializeObject(data), Encoding.UTF8, "application/json");
                Task<HttpResponseMessage> response = client.PostAsync(API_PATH + service, content);
                String resultStr = response.Result.Content.ReadAsStringAsync().Result;
                if (resultStr.Count() == 0)
                    return null;
                return JsonConvert.DeserializeObject<JObject>(resultStr)["data"];
            }
        }
    }
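
A stricter variant of the token request, as an added example that is not part of the original documentation: it rejects non-success responses and non-base64 bodies before the value can reach a cookie or an `auth` field, and builds the cookie with the HttpOnly and Secure flags. The class and method names are hypothetical, and the cookie flags assume the site is served over HTTPS and that no client-side script needs to read the token.

```csharp
using System;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using System.Web;

// Added example; class and method names are hypothetical.
public static class WinAuthToken
{
    // Placeholder: set to the server's API root (the path ending in /API2/).
    public const string API_PATH = "";

    // UseDefaultCredentials sends the Windows identity this code runs under.
    private static readonly HttpClient Client =
        new HttpClient(new HttpClientHandler { UseDefaultCredentials = true });

    // The documentation says the token is a base64 string; reject anything else.
    public static bool LooksLikeToken(string body)
    {
        if (string.IsNullOrWhiteSpace(body)) return false;
        try { return Convert.FromBase64String(body.Trim()).Length > 0; }
        catch (FormatException) { return false; }
    }

    public static async Task<string> GetTokenAsync()
    {
        // "null" is what serializing a null payload produces, as in the page's example.
        var content = new StringContent("null", Encoding.UTF8, "application/json");
        using (HttpResponseMessage resp = await Client
            .PostAsync(API_PATH + "auth/authenticateUserWindows", content)
            .ConfigureAwait(false))
        {
            string body = await resp.Content.ReadAsStringAsync().ConfigureAwait(false);
            // Fail closed: never pass an error page or empty body on as a token.
            if (!resp.IsSuccessStatusCode || !LooksLikeToken(body))
                throw new InvalidOperationException(
                    "Windows authentication failed, HTTP " + (int)resp.StatusCode);
            return body.Trim();
        }
    }

    // Assumes HTTPS and that no client-side script reads the cookie.
    public static HttpCookie BuildAuthCookie(string token)
    {
        return new HttpCookie("PyramidAuth", token) { HttpOnly = true, Secure = true };
    }
}
```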