Login

This API is used to initiate interactive logins, or to process JWT login requests.

Endpoints

GET

/login
POST

/login/jwt-session

Initiates login using the active interactive identity provider associated with the tenant. Uses default Qlik identity provider if no customer-configured interactive identity provider is active.

Facts

Rate limit	Tier 1 (1000 requests per minute)
Categories	authenticate

Header Parameters

Qlik-Web-Integration-IDstring

Web Integration ID associated with origin whitelist used to validate returnto value.

Query Parameters

login_hintstring

Hint to the Authorization Server about the login identifier the End-User might use to log in.
returntostring

Relative or full URL on the tenant to redirect to after successful login.

Responses

302

text/html

Redirect to the identity provider.

text/htmlstring

401

application/json

Invalid login.

A representation of the errors encountered from the HTTP request.

application/jsonobject

A representation of the errors encountered from the HTTP request.
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Non-standard information about the error.
  
  titlestring
  Required
  
  The error title.
  
  detailstring
  
  The detailed error message.
  
  statusstring
  
  The http status code.

GET /login

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/login',
    'method': 'GET',
    'headers': {}
  }
  const req = https.request(options)

Exchanges a token in the form of a user JWT for a session cookie. The JWT should be securely signed with an algorithm other than HS, and it should contain the following claims:

. iss: identifies the principal that issued the JWT; it must match the issuer in the IDP definition.
. aud: identifies the recipients of the JWT, which in this case is "qlik.api/login/jwt-session".
. sub: identifies the subject of the JWT.
. subType: the type of identifier the sub represents, which in this case is "user".
. name: the name of the user.
. email: the email address of the user.
. email_verified: a claim indicating to Qlik that the JWT source has verified that the email address belongs to the subject.
. jti: JWT ID; it should be unique for each consumed JWT token.
. iat: identifies the time at which the JWT was issued.
. nbf: identifies the starting time on which the JWT is accepted. The current unix time must be passed this value.
. exp: identifies the expiration time after which the JWT is not accepted.
. keyid: identifies the KeyID used to sign the JWT; it must match the KeyID in the IDP definition.

And the time window between exp and nbf should not exceed 1 hour.

Facts

Rate limit	Tier 2 (100 requests per minute)
Categories	authenticate

Responses

200

application/json

Successfully exchanged JWT for session.

application/jsonobject

401

application/json

Unauthorized.

A representation of the errors encountered from the HTTP request.

application/jsonobject

A representation of the errors encountered from the HTTP request.
Show application/json properties
- errorsarray of objects
  
  List of errors and their properties.
  
  Show errors properties
  
  codestring
  Required
  
  The error code.
  
  metaobject
  
  Non-standard information about the error.
  
  titlestring
  Required
  
  The error title.
  
  detailstring
  
  The detailed error message.
  
  statusstring
  
  The http status code.

POST /login/jwt-session

const https = require('https')
  const data = JSON.stringify("")
  const options =   {
    'hostname': 'https://your-tenant.us.qlikcloud.com',
    'port': 443,
    'path': '/login/jwt-session',
    'method': 'POST',
    'headers': {
      'Authorization': 'Bearer <Signed JWT>'
    }
  }
  const req = https.request(options)

Response

{}