External Authentication via REST API

External Authentication via REST API

This page explains how to format and handle external authentication messages using the REST API.

Overview

During authentication, the REST API connector sends a POST request to your web server (API endpoint) in JSON format. The content of the request depends on the authentication method used (e.g., PAP, MS-CHAP, TTLS-PAP).

Note: Each request includes an API token in the Authorization header as a Bearer token.

Request Parameters

Parameter Description
login The user's username
password The user's password (only available with PAP or TTLS+PAP)
auth_port RADIUS server authentication port that received the request
mschap_challenge MS-CHAP challenge (only if using MS-CHAP)
mschap_response MS-CHAP response (only if using MS-CHAP)

Sample Request

curl -i -X POST https://YOUR_API_ENDPOINT \
  -H "Authorization: Bearer YOUR_API_TOKEN" \
  -H "Content-Type: application/json" \
  -d '{
    "login": "user1",
    "auth_port": "11111",
    "mschap_challenge": "99999999",
    "mschap_response": "888888888888888888"
  }'

Response Handling

✅ Success (2xx Status Code)

A 2xx response indicates successful authentication. Attributes in the response will be added to the RADIUS reply and forwarded to the Wireless Controller.

HTTP/1.1 200 OK
Content-Type: application/json

{
  "return_url": "https://www.google.com",
  "valid_until": "2017/01/10 01:59:59 +0000",
  "valid_from": "2017/01/09 02:03:52 +0000",
  "nt_key": "abcd12345",
  "membership_id": "123456",
  "membership": {
    "name": "John Sample",
    "id": "12345678"
  },
  "id": "123456789abcdef",
  "attributes": [
    {
      "name": "Tunnel-Private-Group-Id",
      "value": "101",
      "op": ":="
    },
    {
      "name": "Acct-Interim-Interval",
      "value": "300",
      "op": ":="
    }
  ]
}

❌ Failure (4xx Status Code)

A 4xx response indicates authentication failure. The error message in the body will be used to reject the access request.

HTTP/1.1 422 Unprocessable Entity
Content-Type: application/json

{
  "errors": [
    "Email/login or password incorrect."
  ]
}

    • Related Articles

    • REST API

      Full documentation of our API is available on this webpage If you are a software developer or integrator, you might want to use the provided API (Application Programming Interface) to integrate the IronWiFi authentication service with your existing ...

    • Authentication Providers

      Authentication Providers define how users are allowed to authenticate on a Splash page. Users will be allowed to use any available authentication method, and the Report will contain information about the authentication provider. Add a New ...

    • API Keys

      Table of Contents What are API Keys? Create an API Key API Key Permissions Edit an API Key Deactivate an API Key Sending requests With an API Key What are API Keys? API keys are used by your application, or website to authenticate access to IronWiFi ...

    • What are API Keys?

      API keys are used by your application, or website to authenticate access to IronWiFi services. They are the preferred alternative to using a username and password because you can revoke an API key at any time without having to change your username ...

    • How to test the Anonymous Authentication Method

      This article operates under the assumption that a captive portal is already set-up, and the Anonymous authentication method is selected. If this step has not already been completed, please refer to this article for assistance. Authentication Methods ...