Octopus API (Maximizer.Web.Data) uses a token-based authentication system. A token is an encrypted string which identifies both the user and Maximizer Address Book for which the token is generated. Every method is exposed by Maximizer.Web.Data requires a valid token to be passed as a parameter in order to validate the user making the request.For more examples, please use our public Postman collections.
Authentication in CRM Live
When calling the Authenticate method in a CRM Live account, you must also identify your app to the API by including your VendorId and AppKey in your request, in addition to the database name, username, and password. If these additional parameters are omitted, the authentication will fail.
In general, direct authentication via Octopus API is not recommended. Instead, you are encouraged to use the Maxmizer.Web.Authentication API to obtain tokens for the Maximizer.Web.Data API using OAuth 2.
Example Request (POST)
Send the following POST request to the https://api.maximizer.com/octopus/Authenticate:
{
"Database":"c803e1d4bca111e69525b8e325447ef3",
"UID":"MASTER",
"Password":"MySuperSecretPassword_1",
"VendorId":"63fdf390",
"AppKey":"4BC735DE-BCA2-11E6-B063-67E425447EF3"
}The database name in the request must be the full name of the database, not the account alias. To determine the database name for a CRM Live account, you can make a GET request to the following URL, where {alias} is the alias of your CRM Live account, and {region} is the region in which the account is located (e.g. "caw" or "ukw"):
https://{region}.maximizercrmlive.com/{alias}?request=ab
The name of the database will be returned as a string in the body of the response and will look something like the following, which you can then use as the "Database" property in your Authenticate request:
c803e1d4bca111e69525b8e325447ef3
Authentication in on-premise
Octopus API tokens may be requested using the Authenticate method by passing a user's Maximizer username and password. If you are using Windows authentication, you may omit the user id and password in the request.
When requesting a token you must also specify which Address Book you want to generate the token for by including the Database name for your Address Book in the authentication request.
Example Request (POST)
{
"Database":"EsconaTutorial",
"UID":"JNAPOLI",
"Password":"maximizer"
}Example Response
{
"Code":0,
"Data":{
"Token":"6hkgq7ggm3mdd89hcxfs"
}
}Token expiration
Tokens are stored on the server and remain valid for 10 minutes from the time they are generated. However, once a token is used in a request, its expiry time is refreshed and is updated to 10 minutes after the time of the request. You can keep a token alive by refreshing it up to a maximum of 24 hours, at which point the token will expire automatically.
Once a token has expired, any requests made with that token will fail. To prevent a method call from failing you should check to see if a token is still valid with the TokenValid method before you use it in a request. In general, you should request a new token before each action or operation that you perform using Octopus API to avoid any problems with expired tokens.