Authentication
ServiceHop supports two authentication methods: token-based for the CLI and session-based for the web UI.
CLI Authentication
The CLI uses Bearer token authentication for all API requests.
Configuration
Set your token via environment variable (recommended) or configuration file:
Environment Variable:
export SERVICEHOP_API_TOKEN="shp_your_token_here"
Configuration File (~/.servicehop/config):
api.url=https://servicehop.example.com
api.token=shp_your_token_here
Environment variables take precedence over the configuration file.
How It Works
The CLI includes the token in the Authorization header for all requests:
Authorization: Bearer shp_your_token_here
Validation Process
On each request, the token is validated by:
- Checking the token exists
- Verifying the hash matches
- Confirming the token is not revoked
- Ensuring the token is not expired
Web Authentication
The web application uses session-based authentication with username/password login.
Login
- Navigate to the ServiceHop web URL
- Enter username and password
- Click Login
A session cookie is created for subsequent requests.
Session Security
| Setting | Value |
|---|---|
| Session timeout | 30 minutes of inactivity |
| Cookie secure | Enabled (HTTPS only) |
| Cookie httpOnly | Enabled (no JavaScript access) |
Logout
Click Logout in the web UI or close the browser to end the session.
Error Responses
Invalid Token
HTTP 401 - Token not found or hash mismatch.
Expired Token
HTTP 401 - Token past expiration date.
Revoked Token
HTTP 401 - Token has been revoked by administrator.
Insufficient Permissions
HTTP 403 - Token role does not permit the requested operation.
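The four validation checks and the error responses above can be sketched as a single server-side function. This is an added example, not ServiceHop's own code. It assumes SHA-256 token hashes, a lookup by an 8-character token prefix, and the role names and sample tokens shown, none of which the page specifies.

```python
import hashlib
import hmac
from datetime import datetime, timedelta, timezone

def token_hash(token):
    # Assumption: SHA-256 hex digest; the page does not name the hash function.
    return hashlib.sha256(token.encode()).hexdigest()

NOW = datetime(2024, 1, 1, tzinfo=timezone.utc)  # fixed clock for the sample data

def record(token, role, days_valid, revoked=False):
    # Only the hash is stored, never the token itself.
    return {"hash": token_hash(token), "role": role, "revoked": revoked,
            "expires": NOW + timedelta(days=days_valid)}

# Constructed token store keyed by a non-secret prefix (hypothetical schema).
STORE = {
    "shp_adm1": record("shp_adm1_constructed", "admin", 30),
    "shp_view": record("shp_view_constructed", "viewer", 30),
    "shp_old0": record("shp_old0_constructed", "admin", -1),
    "shp_rvk0": record("shp_rvk0_constructed", "admin", 30, revoked=True),
}
ROLE_OPS = {"admin": {"read", "write"}, "viewer": {"read"}}  # hypothetical roles

def authorize(authorization, operation, now=NOW):
    """Return (http_status, reason) for one request's Authorization value."""
    scheme, _, token = (authorization or "").partition(" ")
    if scheme != "Bearer" or not token:
        return 401, "invalid token"
    rec = STORE.get(token[:8])                      # 1. token exists
    # 2. hash matches: constant-time compare, and hash even when the prefix
    #    is unknown so "not found" and "mismatch" do the same work.
    expected = rec["hash"] if rec else token_hash("")
    if not hmac.compare_digest(token_hash(token), expected) or rec is None:
        return 401, "invalid token"
    if rec["revoked"]:                              # 3. not revoked
        return 401, "revoked token"
    if now >= rec["expires"]:                       # 4. not expired
        return 401, "expired token"
    if operation not in ROLE_OPS.get(rec["role"], set()):
        return 403, "insufficient permissions"      # authenticated, not allowed
    return 200, "ok"
```

"Not found" and "hash mismatch" return the same 401 reason, matching the Invalid Token entry, so a caller cannot tell which of the two checks failed.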