Using username and password to authenticate the REST API will no longer be supported in WATS version 2025.2.
Why?
Previously, some integrations used credentials embedded directly in the URL to access the REST API. This method poses significant security risks, as sensitive information can be exposed in server logs, browser history, and network traces.
To improve security, WATS now requires a token to authenticate with the REST API. The Tokens page in the Control Panel allows users to create and manage API tokens securely, including revoking tokens when necessary.
What you need to do:
Integrations that rely on username/password authentication will begin receiving a 401 Unauthorized response. Programs using credentials in the URL (e.g., https://user:password@domain/api/...) must be updated to use a token.
Existing integrations that store and reuse a valid token will continue to work. However, any new deployments or programs that attempt to authenticate using a username and password will fail.
For more information:
- Create an API token for your application via the WATS Control Panel - Tokens
- Update your API requests to include the token in the Authorization header - Authentication
Comments
0 comments
Article is closed for comments.