Nonce Tokens

Certain API calls require a nonce token. An App can intersperse these calls with secured calls, as necessary.

Defining

Nonce-backed calls, as indicated in their RAML definition, have a corresponding distinction in their cui.js call definition. Such calls, will have a property of cmdType: 'nonce' .

    {
        cmd: 'getRegistrationOrganizations', 
        cmdType: 'nonce', 
        call: '/registration/v1/registrations/organizations', 
        type: 'GET', 
        accepts: 'application/vnd.com.covisint.platform.organization.v1+json'
    }

Calling

First, the App makes a call that is designed to return a nonce. Any API call can return a nonce. Cui.js will detect any nonce that appears in the Response header, and then cache that nonce.

Then, the App can issue a nonce-backed call just like a secured call. There is nothing different about the invocation. Cui.js reads the call definition and takes care of building the appropriate Request Header, using the previously cached nonce.