Session token-based authentication¶
Warning
Session token-based authentication is deprecated in favor of API key- and session based authentication methods (form based login, Azure AD, OpenID, etc).
Warning
Session token-based authentication is considered insecure and should not be enabled.
This authentication method was widely used in the past for integrations and supported interactive logins from clients. During login (username+password) the server returned a token which the client then passed with every request as a HTTP header.
These days applications integrating with Lime CRM should instead use API key authentication.
Session token-based authentication is disabled by default but can be re-enabled to make legacy integrations work until until they have been updated to use either API key or session based authentication.
To enable session token-based authentication (not recommended), add the following to the Web Server configuration: