Note: still in high-rate evolution, subject to change. This page subject to change!

Core idea is that authentication leads to the return of a **token **created by the server. Client must store this token and return it on subsequent sessions with the server, up until logging out. The server creates a Ticket, a kind of credential object which is passed among the processes. That Ticket is cached locally for subsequent sessions, with the token serving as the Ticket's access key.
The system includes watching the user's IP which the client much submit.

The protocol entails a REST URL which includes:

1. application specifier, e.g. "admin/"
2. a JSON string which includes:
   • Verb
   • UserIdentity (on most POST operations)
   • Cargo (on most POST operations).
     
     

Some sample Javascript code:

self.getCoreQuery = function(verb, userId, userIP) {
var query = {};
query.verb = verb;
query.uIP = userIP;
query.uName = userId;
return query;
};

followed by the remaining details:

self.listUsers = function (start, count, userId, userIP, responseFunction) {
var result = [],
query = self.getCoreQuery('ListUsers', userId, userIP);
urx = 'tm/';
query.from = '0';
query.count = '-1';
doGet(urx + JSON.stringify(query), configService, function (err, response) {
console.log("ListUsers " + err + " | " + response);
if (response !== null) {
var cargo = response.cargo;
console.log(JSON.stringify(cargo));
result = cargo;
//[{"crDt":"2015-07-23T12:48:26-07:00","trCl":["UserType"],"crtr":"SystemUser",
//"lox":"jackpark","sIco":"/images/person_sm.png","isPrv":"false","_ver":"1437680906846",
// "lEdDt":"2015-07-23T12:48:26-07:00","details":[""],"label":["Jack Park"],
//"lIco":"/images/person.png","inOf":"UserType"}]
}
return responseFunction(result);
});
};

In that example, there is no cargo section, just the raw parameters necessary to ask for a list of topics known to the topicmap to be of UserType, in a range from 0 to -1, where -1 means send everything.