T-Plan REST Authentication

Overview

The T-Plan Professional REST API uses JSON Web Tokens (JWTs) to authenticate requests for resources on the /api endpoint. Each request needs to provide a JWT in the x-access-token header. The JWT is initially obtained by submitting a POST request to the /tokens endpoint, with the request carrying T-Plan credentials for authentication. If authentication succeeds, a success response is returned that includes the JWT, which can then be used on subsequent requests.

Each JWT has a lifetime of an hour, after which re-authentication is required to obtain a new token.

Requesting a token

To request a token, you need to submit a POST request to the /tokens endpoint, with your T-Plan Professional credentials either in a Basic Authentication header, or in the body of the request.

[Screenshot: Auth Postman]

This shows Postman set up to POST a token request to the /tokens endpoint (in this example, an environment variable is used to set the baseURL, http://localhost:8080).

The response object returns details of the authenticated user, the JWT to be used henceforth in further requests to the API, and some starter links to help the client navigate into the T-Plan data model (these are the root nodes in each of the Analyze, Design and Manage hierarchies).
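The flow described above, as an added client-side example (not T-Plan's own code): it sends Basic credentials to /tokens, caches the JWT, re-authenticates shortly before the one-hour lifetime ends, and refuses to send credentials over plain HTTP except to loopback. The JSON field name `token`, the presence of an `exp` claim in the JWT, and the class and function names are assumptions not stated on this page.

```python
import base64, json, time, urllib.request
from urllib.parse import urlsplit

TOKEN_FIELD = "token"  # ASSUMPTION: the page does not name the JSON field carrying the JWT

def jwt_expiry(jwt):
    """Read the 'exp' claim (epoch seconds) from a JWT payload; no signature check."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload)).get("exp")

def http_post(url, headers):
    """Default transport: empty-body POST, returns the parsed JSON response."""
    req = urllib.request.Request(url, data=b"", headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)

class TokenSession:
    """Hypothetical helper that owns the credentials and the current JWT."""

    def __init__(self, base_url, user, password, post=http_post, clock=time.time):
        parts = urlsplit(base_url)
        # Basic credentials and the JWT are bearer secrets: plain http only on loopback.
        if parts.scheme != "https" and parts.hostname not in ("localhost", "127.0.0.1", "::1"):
            raise ValueError("refusing to send credentials over cleartext HTTP")
        self.base_url = base_url.rstrip("/")
        self._basic = "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()
        self._post, self._clock = post, clock
        self._jwt, self._expires = None, 0.0

    def token(self, skew=60):
        """Return the cached JWT, re-authenticating `skew` seconds before expiry."""
        if self._jwt is None or self._clock() >= self._expires - skew:
            body = self._post(self.base_url + "/tokens", {"Authorization": self._basic})
            self._jwt = body[TOKEN_FIELD]
            # Prefer the token's own exp claim; else use the documented one-hour lifetime.
            self._expires = jwt_expiry(self._jwt) or self._clock() + 3600
        return self._jwt

    def headers(self):
        """Headers to attach to a request for a resource on the /api endpoint."""
        return {"x-access-token": self.token()}
```

The `post` and `clock` parameters exist so the session can be exercised without a running server; in normal use, `TokenSession(base_url, user, password).headers()` is merged into each /api request.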