Log in to a database session using an OAuth identity provider

To log in to a hosted database using an OAuth identity provider, use an HTTP POST method with the sessions API endpoint specifying the database. Use the X-FM-Data-OAuth-Request-Id string and X-FM-Data-OAuth-Identifier string in the header to authenticate access to the hosted database. If the authentication is accepted, your code receives an access token that defines your connection to the database. This connection is called a database session.

HTTP method

POST

URL

/fmi/data/version/databases/database-name/sessions

version – the FileMaker Data API version requested can use v1, v2, or vLatest

database-name – the name of the hosted database

HTTP header

Content-Type: application/json

X-FM-Data-OAuth-Request-Id: request-id

X-FM-Data-OAuth-Identifier: identifier-parameter

Parameters An empty set of curly braces. For example: { } May optionally use the fmDataSource parameter to log in to an external data source. See Log in to an external data source.
Response

The access token, an empty response body, and a messages array showing an error code of 0.

The X-FM-Data-Access-Token header is returned in response, which is the session token to be used for subsequent API calls.

For example:

Copy
X-FM-Data-Access-Token: 823c0f48bb80f2187bde6f3859dabd4dcf8ea43be420dfeadf34
{
    "response": {},
    "messages":[{"code":"0","message":"OK"}]
}

See Error responses.

To get the OAuth parameters in JSON format:

  1. Get the list of supported OAuth providers by using an HTTP GET method with this URL:

    https://host/fmws/oauthproviderinfo

    where host is the IP address or domain name of the primary machine in your FileMaker Server deployment. The list is returned in JSON format.

  2. Choose a supported OAuth provider.

  3. Get the tracking ID for your session. Use an HTTP GET method with this URL:

    http://host/oauth/getoauthurl?trackingID=tracking-ID&provider=OAuth-provider&address=127.0.0.1&X-FMS-OAuth-AuthType=2

    where host is the IP address or domain name of the primary machine in your FileMaker Server deployment, tracking-ID is the developer-generated tracking ID for your session, and OAuth-provider is the name of your selected OAuth provider.

    The HTTP header for this request needs to include the following:

    • X-FMS-Application-Type: 9

    • X-FMS-Application-Version: 15

    • X-FMS-Return-URL: http://127.0.0.1/

  4. Read the response header for the X-FMS-Request-ID data. This response header contains the OAuth request ID that you will use for the X-FM-Data-OAuth-Request-ID string in the header.

  5. Read the response header for the X-FMS-Return-URL data. Call the URL returned in this parameter to allow the user to authenticate with the OAuth provider.

  6. The "identifier" returned by the OAuth provider is the OAuth identifier parameter that you will use for the X-FM-Data-OAuth-Identifier string in the header.

See "Editing OAuth account access" in FileMaker Pro Help.