Goal
Session tracking can be accomplished by exchanging HTTP cookies or bearer tokens between the REST client and Airlock Gateway (WAF). In this example, we use the bearer token variant to work with an Airlock IAM installation.
- The REST client receives a bearer token from the Gateway (WAF) in the "Access-Token" header.
- The REST client must return the value of the header as a bearer token with every request in the "Authorization" header.
Airlock Gateway (WAF) HTTP response header example
    HTTP/1.1 401
    [other headers omitted]
    Access-Token: fRRyOP-XTJtEcIQbwdzb_IQw1JfTo3kWRfGDmrfPEVletSZmM6s7iZcJbvO0capQHrOX3cLKqmFfkD2Dr0rwVA
    ...
HTTP request from REST client example
    POST /auth/rest/public/authentication/password/check HTTP/1.1
    [other headers omitted]
    Authorization: Bearer fRRyOP-XTJtEcIQbwdzb_IQw1JfTo3kWRfGDmrfPEVletSZmM6s7iZcJbvO0capQHrOX3cLKqmFfkD2Dr0rwVA
    ...
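Client-side handling of the exchange above, as an added example (not Airlock code): it reads the "Access-Token" header from a raw response, stores it, and produces the "Authorization" header for later requests. The class name BearerSession, the sample response, the token value and the token character check are assumptions made for this illustration.

```python
import re
from email.parser import Parser

# Constructed sample response; the token value is made up for this example.
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Content-Type: application/json\r\n"
    "access-token: EXAMPLE-token_0123456789abcdef\r\n"
    "\r\n"
    "{}"
)

# Assumption: tokens use the URL-safe alphabet seen in the page's example.
TOKEN_RE = re.compile(r"[A-Za-z0-9_\-]{16,}")

class BearerSession:
    """Tracks the Gateway session token for one REST client."""

    def __init__(self):
        self._token = None

    def absorb(self, raw_response: str) -> bool:
        """Store the Access-Token from a raw response; True if one was stored."""
        head = raw_response.split("\r\n\r\n", 1)[0]
        _status, _, header_block = head.partition("\r\n")
        headers = Parser().parsestr(header_block, headersonly=True)
        value = (headers.get("Access-Token") or "").strip()  # lookup ignores case
        if not TOKEN_RE.fullmatch(value):
            return False  # missing or malformed: keep the previous token
        self._token = value
        return True

    def request_headers(self) -> dict:
        """Headers to attach to every request in this session."""
        if self._token is None:
            return {}
        return {"Authorization": "Bearer " + self._token}

    def __repr__(self):
        # Keep the token out of logs and tracebacks.
        return "BearerSession(token=%s)" % ("<set>" if self._token else "<none>")
```

Rejecting values outside the expected alphabet keeps a stray CR/LF or space from being copied into the outgoing "Authorization" header.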