Login

This API is used to interact with Edge Auth resources in Qlik elastic environments.

Endpoints

GET /login
POST /login/jwt-session

Login using interactive identity provider associated with the tenant.

authenticate

Facts GET /login

Rate limit
Tier 1 (1000 requests per minute)

Header Parameters GET /login

Qlik-Web-Integration-ID
optional
string

Web integration ID associated with the origin whitelist used to validate the returnto value.

Query Parameters GET /login

returnto
optional
string

Relative or full URL to redirect to after successful login.

Responses GET /login

302
optional, text/html
string

Redirect to the identity provider.

401
optional, application/json

Invalid login.

GET /login

curl "https://your-tenant.us.qlikcloud.com/login"

Exchanges a token in the form of a user JWT for a session cookie.

authenticate

The JWT should be securely signed with an algorithm other than the HS (HMAC) family, and it should contain the following claims:

  1. iss: identifies the principal that issued the JWT; it must match the issuer in the IDP definition.
  2. aud: identifies the recipients of the JWT, which in this case is "qlik.api/login/jwt-session".
  3. sub: identifies the subject of the JWT.
  4. subType: the type of identifier the sub represents, which in this case is "user".
  5. name: the name of the user.
  6. email: the email address of the user.
  7. email_verified: a claim indicating to Qlik that the JWT source has verified that the email address belongs to the subject.
  8. jti: JWT ID; it should be unique for each consumed JWT token.
  9. iat: identifies the time at which the JWT was issued.
  10. nbf: identifies the time from which the JWT is accepted. The current Unix time must be past this value.
  11. exp: identifies the expiration time after which the JWT is not accepted.
  12. keyid: identifies the KeyID used to sign the JWT; it must match the KeyID in the IDP definition.

The time window between nbf and exp should not exceed 1 hour.
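
A pre-flight check for the claim requirements listed above, as an added example (not Qlik's code). It decodes a compact JWT's header and payload without verifying the signature; the function names, the constructed placeholder signature, and accepting the key ID as either a `kid` header or a `keyid` claim are assumptions.

```python
import base64, json, time

AUDIENCE = "qlik.api/login/jwt-session"  # aud value given on the page
REQUIRED = ["iss", "aud", "sub", "subType", "name", "email",
            "email_verified", "jti", "iat", "nbf", "exp"]
MAX_WINDOW = 3600  # exp - nbf must not exceed 1 hour

def b64url_json(part):
    """Decode one base64url JWT segment (padding restored) into a dict."""
    return json.loads(base64.urlsafe_b64decode(part + "=" * (-len(part) % 4)))

def demo_token(header, claims):
    """Constructed sample: compact token with a placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}.c2lnbmF0dXJl"

def lint_jwt(token, now=None, seen_jti=()):
    """Return a list of problems (empty = claims look right). No signature check."""
    now = time.time() if now is None else now
    header_b64, payload_b64, _sig = token.split(".")
    header, claims = b64url_json(header_b64), b64url_json(payload_b64)
    problems = [f"missing claim: {c}" for c in REQUIRED if c not in claims]
    alg = str(header.get("alg", "none"))
    if alg.lower() == "none" or alg.upper().startswith("HS"):
        problems.append(f"alg {alg} is not an accepted signing algorithm")
    # Assumption: the key ID may travel as a 'kid' header or a 'keyid' claim.
    if "kid" not in header and "keyid" not in claims:
        problems.append("missing key ID (kid header / keyid claim)")
    if claims.get("aud") != AUDIENCE:
        problems.append("aud must be " + AUDIENCE)
    if claims.get("subType") != "user":
        problems.append('subType must be "user"')
    if claims.get("jti") in seen_jti:
        problems.append("jti was already used")
    nbf, exp = claims.get("nbf"), claims.get("exp")
    if isinstance(nbf, (int, float)) and isinstance(exp, (int, float)):
        if exp - nbf > MAX_WINDOW:
            problems.append("exp - nbf exceeds 1 hour")
        if now < nbf:
            problems.append("nbf is in the future")
        if now >= exp:
            problems.append("token is expired")
    return problems
```

Pass the set of previously issued jti values as `seen_jti` to catch reuse before the request is sent.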

Facts POST /login/jwt-session

Rate limit
Tier 2 (100 requests per minute)

Responses POST /login/jwt-session

200
optional, application/json
object

Successfully exchanged JWT for session.

401
optional, application/json

Unauthorized.

POST /login/jwt-session

curl "https://your-tenant.us.qlikcloud.com/login/jwt-session" \
 -X POST \
 -H "Authorization: Bearer <Signed JWT>"

Response POST /login/jwt-session

{
  "undefined": {}
}

Error

object

An error object.

Properties

code
string

The error code.

meta
optional
object

Non-standard information about the error.

title
string

The error title.

detail
optional
string

The detailed error message.

status
optional
string

The HTTP status code.

Errors

object

A representation of the errors encountered from the HTTP request.

Properties

errors
optional

No description

v0.574.0