Q. What is the difference between a JWT token and an API token ?
A JWT - JSON Web Token is used to SSO into the Sisense web portal to establish a cookie based web session. An API token is used to make calls to the Sisense REST API for administrative and house keeping tasks.
Q. Do I need an API token to make API calls if I have successfully signed into the Sisense portal ?
No, If you have established a web session either via SSO or form based login you can make REST API calls with the browser without using a token.
Q. How do I generate an API token ?
The easiest way to do this is to generate it via the swagger UI in the sisense admin page. API tokens do not have an expiry.
Q. When I use JWT for SSO, how does Sisense map the user to roles and groups ? Can I pass this along with the JWT ?
You can only pass on the username in the JWT, the mapping of the user to Groups and Roles has to be preset in Sisense.
Q. What if the user does not exist in the system at the time of the SSO ?
You can dynamically create a user and assign Groups and Roles via the REST API right before you trigger the SSO.
