There are two ways to generate a JWT authorization token to access resources from the Act! Web API. Basic authentication scheme is dedicated to the authentication using a username and a secret (RFC7617). Bearer authentication scheme is dedicated to the authentication using a bearer token and is described by the (RFC6750).

  1. Generate a request for a JWT token using basic authentication schema (Bearer Token)

    You need to encode the Act! Username and Password using base 64, as well as the database name. RFC2617

    GET: /authorize


    • Act-Database-Name: XXXXXXXXXXX
    cURL Sample

    curl -i http://localhost/act.web.api/authorize -u admin:1234 -H "Act-Database-Name:ACT2018Demo"

    curl -i http://localhost/act.web.api/authorize -H "Authorization:Basic YWRtaW46MTIzNA==" -H "Act-Database-Name:ACT2018Demo"

    Generate a request for a JWT token using bearer authentication schmea (refresh token)

    You only need to supply a bearer token that was once generated from the basic authentication schema.

    GET: /authorize


    cURL Sample

    curl -i http://localhost/act.web.api/authorize -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."

    Authentication Error Codes

    Code Message
    401 Unauthorized indicates that the requested resource requires authentication.
    403 Forbidden indicates that the user does not have the necessary permissions for the resource.
    4030 Incompatibility issue with Act!
    4031 Subscription required.
    4032 API access permission required.

  2. Develop

    You can now authenticate and develop against the Act! Web API! Learn more…



    Act! Premium - Windows® or Act! Premium - Web
    • /act.web.api
    Act! Premium - Cloud
    • Server/{customer}-api/act.web.api

    Rate Limits - Premium Cloud

    API requests are rate limited, so be sure to look at the following headers:

    • X-RateLimit-Limit - the number of calls you can make a minute.
    • X-RateLimit-Remaining - the number of calls you have left this minute.
    • X-RateLimit-Reset - the next time the limit will be reset.
  3. API Version Information:

    To get version information about the API, call this anonymous route: GET: /api/system