Files CMIS API extensions: Nonce security extensions 

The Files CMIS API supports extensions to support HTML form endpoints. To protect against CSRF attack vectors, all HTML form endpoints that accept a POST or PUT operation require a nonce security token to provided by the caller to complete.

To fetch the nonce token, clients must perform a GET operation on the URI identified by the link whose relation is equal to http://www.ibm.com/xmlns/prod/sn/cmis/nonce contained in the CMIS service document.

If the request is a POST/PUT/DELETE operation whose content-type starts with application/x-www-form-urlencoded, multipart/form-data or text/plain, the nonce security token must be provided by the client to complete the operation.


Parent topic

Files CMIS API extensions


   

 

});