Authenticating to AM Using REST

To authenticate to AM using REST, make an HTTP POST request to the json/authenticate endpoint. You must specify the entire hierarchy of the realm, starting at the Top Level Realm. Prefix each realm in the hierarchy with the realms/ keyword. For example, /realms/root/realms/customers/realms/europe.

For authentication journeys where providing a user name and password is enough, you can log in to AM using a curl command similar to the following:

$ curl \
--request POST \
--header "Content-Type: application/json" \
--header "X-OpenAM-Username: demo" \
--header "X-OpenAM-Password: Ch4ng31t" \
--header "Accept-API-Version: resource=2.0, protocol=1.0" \
'https://tenant-name.forgeblocks.com/am/json/realms/root/realms/alpha/authenticate'
{
    "tokenId": "AQIC5w…​NTcy*",
    "successUrl": "/openam/console",
    "realm":"/alpha"
}

Note that the user name and password are sent in headers; this zero page login mechanism works only for name/password authentication.

AM returns a tokenID object that applications can present as a cookie value for other operations that require authentication. This object is called a session token.

In this example, AM uses the default authentication service configured for the realm. You can override the default by specifying authentication services and other options in the REST request. To support complex authentication journeys, such as multi-factor authentication, AM implements callback mechanisms.

For more information about how to authenticate, log out, and use AM session tokens, see Authenticating (REST).