Getting the X-Bonita-API-Token


To Whom it may concern,

I am using Bonitasoft Subscription Version 7.3+.

I am trying to access Bonitasoft information from another application, on a different domain.

I am successfully using the 'loginservice' API. I am getting a status of 200. However I cannot get the X-Bonita-API-Token directly from that response.

I can see that the token is being set correctly in my browser as a cookie under the Bonitasoft server domain. However I am unable to access the cookies on that domain for the obvious reasons.

I need this token to make subsequent PUT, POST, and DELETE REST API calls. It is required in the header.

How can I get this token locally and put it in the headers of subsequent calls? I appreciate that it is being automatically put into all subsequent calls as a cookie by my browser, but it is not being put into the header.

Thank you,


Submitted by agaughan on Fri, 07/14/2017 - 22:29

Also the server that is being used is WildFly, not Tomcat.

1 answer


Someone on my team was able to solve this problem.

After the login service use 'API/system/session/unusedId' and that service will return the token.


Submitted by Lionel Palacin on Mon, 07/17/2017 - 23:02

Thanks for the answer!