Last updated: 2024-06-26

One time access token

When having a web browser performing a file download, using the ShareAspace file REST API, an access token is used as a query parameter (see file download).

While it is supported to use the full access token in this scenario it is not recommended to do so. Instead, a "one time use" (valid for 3 seconds) and scoped access token can be requested.

Note

When writing a client that can pass the access token in an Authorization header when doing a file download it is not as important to use the one time tokens (since the token is not passed as a query parameter). The typical scenario for the one time token is when handing over a link to a ShareAspace secured file for a web browser to render.

Get one time token space route

GET api/space/{spaceId}/oneTimeToken
Content-Type: application/json
Authorization: Bearer eyQWE...

{
    "route": "/space/space1/independentFile/0900000000000000120113000000"
}

Response example

{
    "href": "https://my.machine.net/api/space/space1/oneTimeToken",
    "data": {
        "token": "eyJh...Fh_2w"
    }
}

Decoded header of onetime token

{
  "alg": "HS512",
  "typ": "JWT"
}

Decoded data example for space route

{
  "email": "oem.pa@eurostep.com",
  "route": "/space/space1/independentFile/0900000000000000120113000000",
  "method": "get",
  "nbf": 1588855405,
  "exp": 1588855705,
  "iat": 1588855405,
  "iss": "https://my.machine.net/AuthorizationServer",
  "aud": "sasweb"
}

Get one time token collection route

GET api/collection/oneTimeToken
Content-Type: application/json
Authorization: Bearer eyQWE...

{
    "route": "/collection/fs/file/Client/Web/TileIcons/state.svg"
}

Routes supporting one time token

Collection routes are secured by `OneTimeToken`


route	Method
`"fs/file/zip"`	POST
`"download/fs/dir/{*path}"`	GET
`"fs/file/{*path}"`	GET
`"fs/filecontent/{*path}"`	GET
`"fs/file/preview/content/{*path}"`	GET

Space routes are secured by `OneTimeToken`


route	Method
`"/eventlogFile/download"`	GET
`"/independentFile/{objectId}"`	GET
`"/independentFile/filecontent/{objectId}"`	GET
`"/messageThread/{messageThreadObjectId}/{path}"`	GET
`"/participant/{participantId}/fs/file/zip"`	Post
`"/participant/{participantId}/download/fs/dir/{*path}"`	GET
`"/participant/{participantId}/fs/file/{*path}"`	GET
`"/participant/{participantId}/fs/filecontent/{*path}"`	GET
`"/fs/file/zip"`	POST
`"download/fs/dir/{*path}"`	GET
`"fs/file/{*path}"`	GET
`"fs/filecontent/{*path}"`	GET
`"fs/file/zip"`	POST
`"download/fs/dir/{*path}"`	GET
`"/user/fs/file/{*path}"`	GET
`"/user/fs/filecontent/{*path}"`	GET
`"fs/file/preview/content/{*path}"`	GET
`"/independentFile"preview/content/{*location}"`	GET
`"/participant"{participantId}/fs/file/preview/content/{*path}"`	GET
`"/user"fs/file/preview/content/{*path}"`	GET

Table of Contents