There are two ways to generate a JWT authorization token to access resources from the Act! Web API. Basic authentication is dedicated to the authentication using a username and a secret (RFC7617). Bearer authentication is dedicated to the authentication using a bearer token and is described by the (RFC6750).

  1. Generate a token using Basic authentication

    You need to base64 encode the credentials (username:password). RFC2617.Example: admin:1234 will appear like as follows:

    GET: http://localhost/act.web.api/authorize


    • Authorization: Basic YWRtaW46MTIzNA==
    • Act-Database-Name: ACT2018Demo
    cURL Sample

    curl -i http://localhost/act.web.api/authorize -u admin:1234 -H "Act-Database-Name:ACT2018Demo"

    curl -i http://localhost/act.web.api/authorize -H "Authorization:Basic YWRtaW46MTIzNA==" -H "Act-Database-Name:ACT2018Demo"

    Generate a token using Bearer authentication

    You only need to supply a bearer token that was once generated from the basic authentication.

    GET: http://localhost/act.web.api/authorize


    • Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9...
    cURL Sample

    curl -i http://localhost/act.web.api/authorize -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..."

    Authentication Error Codes

    Code Message
    401 Unauthorized indicates that the requested resource requires authentication.
    403 Forbidden indicates that the user does not have the necessary permissions for the resource.
    4030 Incompatibility issue with Act!
    4031 Subscription required.
    4032 API access permission required.

  2. Develop

    You can now authenticate and develop against the Act! Web API! Learn more…



    Act! Premium - Windows® or Act! Premium - Web
    • /act.web.api
    Act! Premium - Cloud
    • Server/{customer}-api/act.web.api

    Rate Limits - Premium Cloud

    API requests are rate limited, so be sure to look at the following headers:

    • X-RateLimit-Limit - the number of calls you can make a minute.
    • X-RateLimit-Remaining - the number of calls you have left this minute.
    • X-RateLimit-Reset - the next time the limit will be reset.
  3. API Version Information:

    To get version information about the API, call this anonymous route: GET: /api/system