The FIMMAS Data Services API provides the ability to verify a login attempt against the web accounts stored in FIMMAS, but does not keep track of end-user sessions. If end-user session management is required, it is up to the external application to implement it.
Authentication between an external application and FIMMAS is done through tokens. Before an external application can make any other requests to the FIMMAS Data Services API, it must authenticate with its app ID and password, and be issued a token.
For help setting up application security in FIMMAS, see FIMMAS Application Security
The token can be configured to expire after a set amount of time, after which a
new token must be requested. The token must be included with every subsequent
request as the fws-api-key header parameter.
It is not recommended for multiple external applications to share credentials or tokens, unless the token is configured to not expire. Only two tokens can be active for a single app ID in FIMMAS, to allow for a grace period when requesting a new token. Instead, create a second application ID in the application security screen in FIMMAS.